From gregory.herrero at oracle.com Thu Jan 16 05:04:13 2025
From: gregory.herrero at oracle.com (Oracle Ksplice)
Date: Thu, 16 Jan 2025 05:04:13 +0000
Subject: [Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-7166-1)
Message-ID: <30820b2355019cae42e3fc4feb606f65.apache@ksplice.com>

Synopsis: USN-7166-1 can now be patched using Ksplice

CVEs: CVE-2023-52532 CVE-2024-38538 CVE-2024-38544 CVE-2024-39463
CVE-2024-41016 CVE-2024-42079 CVE-2024-46695 CVE-2024-46858
CVE-2024-46865 CVE-2024-47670 CVE-2024-47674 CVE-2024-47685
CVE-2024-47692 CVE-2024-47701 CVE-2024-47706 CVE-2024-47723
CVE-2024-47739 CVE-2024-47742 CVE-2024-49860 CVE-2024-49863
CVE-2024-49867 CVE-2024-49868 CVE-2024-49878 CVE-2024-49882
CVE-2024-49883 CVE-2024-49884 CVE-2024-49900 CVE-2024-49936
CVE-2024-49944 CVE-2024-49948 CVE-2024-49949 CVE-2024-49957
CVE-2024-49958 CVE-2024-49966 CVE-2024-49982 CVE-2024-49983
CVE-2024-49995 CVE-2024-50033 CVE-2024-50035 CVE-2024-50045
CVE-2024-50179

Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-7166-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 22.04 Jammy
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2023-52532: Denial-of-service in Microsoft Azure Network Adapter (MANA) driver.

A logic error when handling a TX CQE error in the Microsoft Azure Network
Adapter (MANA) driver could lead to a reference count leak. A local
attacker could use this flaw to cause a denial-of-service.

* CVE-2024-38538: Data corruption in 802.1d Ethernet Bridging.

A missing check when sending a short skb in the 802.1d Ethernet Bridging
driver could lead to use of uninitialized memory. An attacker could use
this flaw to cause data corruption.

* CVE-2024-38544: Denial-of-service in Software RDMA over Ethernet (RoCE) driver.

A race condition when using the Software RDMA over Ethernet (RoCE) driver
could lead to a use-after-free. An attacker could use this flaw to cause
a denial-of-service.

* CVE-2024-39463: Privilege escalation in Plan 9 Resource Sharing (9P2000) driver.

A locking error when using the Plan 9 Resource Sharing (9P2000) driver
could lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.

* CVE-2024-41016, CVE-2024-47670: Privilege escalation in OCFS2 filesystem.

Missing checks when reading extended attributes in the OCFS2 filesystem
could lead to an out-of-bounds memory access. A local attacker could use
a crafted image to escalate privileges.

* CVE-2024-42079: Denial-of-service in GFS2 file system driver.

A race condition when unmounting the GFS2 file system driver could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.

* CVE-2024-46695: Permission bypass in NSA SELinux driver.

A logic error when an NFS client tries to change the SELinux file context
on a disk exported by an NFS server could lead to a permission bypass.

* CVE-2024-46858: Privilege escalation in Multipath TCP driver.

A logic error when using the Multipath TCP driver could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.

* CVE-2024-46865: Denial-of-service in Foo protocol over UDP.

A logic error when using the Foo protocol over UDP could lead to use of
uninitialized memory. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-47674: Privilege escalation in MMU-based Paged Memory Management driver.

A logic error in the MMU-based Paged Memory Management driver could lead
to use of uninitialized memory. A local attacker could use this flaw to
escalate privileges.

* CVE-2024-47685: Remote information leak in Netfilter.

A missing check in Netfilter when using IPv6 packet rejection rules could
lead to use of uninitialized memory. A remote attacker could use this
flaw to extract sensitive information.

* CVE-2024-47692: Denial-of-service in NFS server driver.

A missing check when using the NFS server driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-47701: Privilege escalation in ext4 filesystem.

A race condition when using the ext4 filesystem could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
escalate privileges.

* CVE-2024-47706: Privilege escalation in generic block I/O layer.

A missing check when using the generic block I/O layer could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.

* CVE-2024-47723: Information leak in JFS.

Missing checks in the JFS filesystem driver could lead to an
out-of-bounds access. A local attacker could use this flaw to leak
sensitive information or cause a denial-of-service.

* CVE-2024-47739: Denial-of-service in padata subsystem.

A locking error when using the padata subsystem could lead to a deadlock.
A local attacker could use this flaw to cause a denial-of-service.

* CVE-2024-47742: Privilege escalation in the firmware loader driver.

A missing check when a user loads firmware indirectly through the
firmware loader driver could lead to loading arbitrary files. A local
attacker could use this flaw to escalate privileges.

* CVE-2024-49860: Information leak in ACPI driver.

A missing check when using the ACPI driver could lead to an out-of-bounds
memory read. A local attacker could use this flaw to extract sensitive
information.

* CVE-2024-49863: Denial-of-service in virtio SCSI driver.

A missing check when retrieving a SCSI request in the virtio SCSI driver
could lead to a NULL pointer dereference. A local attacker could use this
flaw to cause a denial-of-service.

* CVE-2024-49867: Privilege escalation in BTRFS filesystem.

A missing flush when unmounting the BTRFS filesystem could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.

* CVE-2024-49868: Denial-of-service in BTRFS filesystem.

A missing check when using the BTRFS filesystem could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2024-49878: Information leak in kernel resource manager with CXL memory.

A logic error in the kernel resource manager when CXL memory is in use
could lead to access to a normally restricted part of memory. A local
attacker could use this flaw to leak sensitive information.

* CVE-2024-49882: Code execution in ext4 filesystem.

A logic error in the ext4 filesystem could lead to a double free. A local
attacker could use this flaw to execute arbitrary code in kernel mode.

* CVE-2024-49883: Privilege escalation in ext4 filesystem.

A logic error when using the ext4 filesystem could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.

* CVE-2024-49884: Privilege escalation in EXT4 filesystem driver.

A logic error when adding an extent in the EXT4 filesystem driver could
lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.

* CVE-2024-49900: Information leak in JFS.

A logic error in the JFS filesystem driver could lead to use of an
uninitialized buffer when working with extended attributes. A local
attacker could use this flaw to leak sensitive information from kernel
space.

* CVE-2024-49936: Privilege escalation in Xen backend network device driver.

A locking error when using the Xen backend network device driver could
lead to a use-after-free. An attacker from a guest VM could use this flaw
to escalate privileges.

* CVE-2024-49944: Denial-of-service in SCTP Protocol driver.

A missing check when listening on a socket in the SCTP Protocol driver
could lead to a NULL pointer dereference. A local attacker could use this
flaw to cause a denial-of-service.

* CVE-2024-49948, CVE-2024-49949: Denial-of-service in core networking layer.

Missing checks on maliciously crafted packets from userspace could cause
an underflow leading to a NULL pointer dereference. A local attacker
could use this flaw to cause a denial-of-service.

* CVE-2024-49957: Denial-of-service in OCFS2 file system driver.

A logic error when mounting a filesystem with a corrupted journal in the
OCFS2 file system driver could lead to a NULL pointer dereference. A
local attacker could use this flaw to cause a denial-of-service.

* CVE-2024-49958: Denial-of-service in OCFS2 filesystem.

A logic error when using the OCFS2 filesystem could lead to disk
corruption and a potential kernel panic. A local attacker could use this
flaw to corrupt a filesystem or cause a denial-of-service.

* CVE-2024-49966: Privilege escalation in OCFS2 file system driver.

A logic error when reading the information header from the global quota
file in the OCFS2 file system driver could lead to a use-after-free. A
local attacker could use this flaw to escalate privileges.

* CVE-2024-49982: Use-after-free in ATA-over-Ethernet driver.

Due to incorrect handling of the device refcount in the ATA-over-Ethernet
(AoE) driver, a race is possible between freeing of an AoE device and
access through associated socket buffers, leading to a use-after-free. A
local attacker can exploit this flaw to cause a denial-of-service or
execute arbitrary code.

* CVE-2024-49983: Privilege escalation in EXT4 filesystem driver.

A logic error when using the fast commit feature of the EXT4 filesystem
driver could lead to a use-after-free. A local attacker could use this
flaw to escalate privileges.

* CVE-2024-49995: Privilege escalation in TIPC Protocol driver.

A logic error when setting the TIPC bearer name in the TIPC Protocol
driver could lead to an out-of-bounds memory access. A local attacker
could use this flaw to escalate privileges.

* CVE-2024-50033: Privilege escalation in SLHC driver.

A logic error when using the Van Jacobson TCP/IP Serial Line Header
Compression (SLHC) driver could lead to an out-of-bounds memory access. A
local attacker could use this flaw to escalate privileges.

* CVE-2024-50035: Information leak in PPP (point-to-point protocol) networking stack.

A missing check when transmitting using the PPP networking stack could
lead to use of uninitialized memory. A local attacker could use this flaw
to extract sensitive information.

* CVE-2024-50045: Denial-of-service in bridge netfilter driver.

A logic error when sending traffic using the bridge netfilter driver
could lead to a NULL pointer dereference. A local attacker could use this
flaw to cause a denial-of-service.

* CVE-2024-50179: Denial-of-service in Ceph distributed file system driver.

A logic error when setting dirty pages in the Ceph distributed file
system driver could lead to a kernel assertion failure. A local attacker
could use this flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


From gregory.herrero at oracle.com Fri Jan 24 07:47:40 2025
From: gregory.herrero at oracle.com (Gregory Herrero)
Date: Fri, 24 Jan 2025 08:47:40 +0100
Subject: [Ksplice][Ubuntu-22.04-Updates] New Ksplice updates for Ubuntu 22.04 Jammy (USN-7179-1)
Message-ID:

Synopsis: USN-7179-1 can now be patched using Ksplice

CVEs: CVE-2024-26822 CVE-2024-35963 CVE-2024-35965 CVE-2024-35966
CVE-2024-35967 CVE-2024-50264 CVE-2024-53057

Systems running Ubuntu 22.04 Jammy can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-7179-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 22.04 Jammy
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2024-26822: Privilege escalation in SMB3 and CIFS driver.

A missing check when automounting the SMB3 and CIFS filesystems could
lead to reusing the values from the parent mount. A local attacker could
use this flaw to escalate privileges.

* CVE-2024-35963, CVE-2024-35965, CVE-2024-35966, CVE-2024-35967: Denial-of-service in Bluetooth subsystem.

A missing check in several setsockopt handlers could lead to an
out-of-bounds read in the Bluetooth subsystem. A local attacker could use
this flaw to cause a denial-of-service.

* CVE-2024-50264: Privilege escalation in Virtual Socket protocol driver.

A missing variable initialization during loopback communication in the
Virtual Socket protocol driver could lead to a use-after-free. A local
attacker could use this flaw to escalate privileges.

* CVE-2024-53057: Privilege escalation in network QoS/scheduling driver.

A logic error when using the network QoS/scheduling driver could lead to
a use-after-free. A local attacker could use this flaw to escalate
privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.