[Ksplice][Ubuntu-22.10-Updates] New Ksplice updates for Ubuntu 22.10 Kinetic (USN-5911-1)

Oracle Ksplice quentin.casasnovas at oracle.com
Tue Jul 4 07:16:00 UTC 2023


Synopsis: USN-5911-1 can now be patched using Ksplice
CVEs: CVE-2022-3169 CVE-2022-3344 CVE-2022-3435 CVE-2022-3521 CVE-2022-3545 CVE-2022-3643 CVE-2022-4139 CVE-2022-4379 CVE-2022-45869 CVE-2022-47518 CVE-2022-47519 CVE-2022-47520 CVE-2022-47521 CVE-2023-0179 CVE-2023-0461 CVE-2023-0468 CVE-2023-1382 CVE-2023-26605 CVE-2023-26607

Systems running Ubuntu 22.10 Kinetic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5911-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 22.10
Kinetic install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
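
The check below is an added example, not part of the original announcement or of Ksplice itself: it reads an uptrack.conf-style file and reports whether the host will pick these updates up automatically or needs the manual command above. It assumes INI-style "key = value" lines with "#" or ";" comment lines, treats only the value "yes" as enabling autoinstall (the one value the announcement names), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: decide whether a host relies on Ksplice autoinstall or
# needs a manual "uptrack-upgrade -y" run.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Assumptions: INI syntax, one "key = value" per line, comment lines start
# with "#" or ";", and the last assignment wins.
# Prints "unset" if the key is absent and "unreadable" if the file is missing.
uptrack_autoinstall() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                 # skip commented-out settings
        {
            eq = index($0, "=")
            if (eq == 0) next                  # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/[ \t\r]/, "", key)           # strip all whitespace in key
            gsub(/^[ \t]+|[ \t\r]+$/, "", val) # trim the value
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Map the config state to the action described in the announcement.
# Anything other than an explicit "yes" is flagged for a manual run.
uptrack_action() {
    case $(uptrack_autoinstall "$1") in
        yes) echo "automatic" ;;
        *)   echo "manual: run /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Default to the path named in the announcement; pass another path to audit
# a copy of the file collected from a different host.
uptrack_action "${1:-/etc/uptrack/uptrack.conf}"
```

A host reported as "manual" stays exposed to the issues listed below until the upgrade command is run on it.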


DESCRIPTION

* CVE-2022-47518, CVE-2022-47519, CVE-2022-47520, CVE-2022-47521: Out-of-bounds memory access in WILC1000 wireless driver.

Improper validation of various user-supplied parameters in the WILC1000
wireless driver may lead to a heap-based buffer overflow. A local user
could use this flaw for a denial-of-service or privilege escalation.


* CVE-2022-3169: Denial-of-service in NVM Express block device.

A flaw in ioctls of NVM Express block device could result in PCIe link
disconnect. A local user could use this flaw for a denial-of-service.


* CVE-2022-4379: Denial-of-service in NFS version 4 client.

A use-after-free flaw in NFS4 when handling a server-to-server copy
may cause an invalid pointer dereference. A remote attacker could use this
flaw for a denial-of-service.


* CVE-2023-0179: Denial-of-service when handling VLAN headers.

A logic error in the handling of VLAN headers in netfilter could lead to
an out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service or execute arbitrary code.


* CVE-2023-0461: Use-after-free in Upper Level Protocol.

A flaw in ULP when handling sockets entering the LISTEN state in certain
protocols may lead to a use-after-free. A local user could use this
flaw to cause a denial-of-service or elevate privileges on the system.


* CVE-2022-3344: Denial-of-service when allowing nested virtualization on AMD.

A logic error when handling nested guests from the hypervisor could lead
to a page fault on AMD. A guest attacker could use this flaw to cause a
denial-of-service.


* CVE-2022-4139: Information disclosure in Intel HD Graphics Driver.

A flaw in Intel HD Graphics Driver when flushing translation lookaside
buffers could allow access to physical memory which might be already
assigned to a different process. A local user could use this flaw for
denial-of-service or information disclosure.


* CVE-2022-45869: Denial-of-service when using virtualization with TDP MMU.

A locking error when using nested virtualization with TDP MMU enabled
could lead to a race condition. An attacker from a guest could use this
flaw to cause a denial-of-service.


* CVE-2023-0468: Denial-of-service in io_uring.

A race condition with poll_refs in io_uring can lead to a NULL pointer
dereference. A local user could use this flaw for a denial-of-service.


* CVE-2022-3435: Information disclosure in IPv4.

A flaw in ioctls of IPv4 could result in out-of-bounds read access.
A local user could use this flaw for information disclosure.


* CVE-2022-3521: Denial-of-service in Kernel Connection Multiplexor.

A flaw in the implementation of Kernel Connection Multiplexor sockets
could lead to a race condition when releasing sockets in some situations.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2022-3545: Use-after-free in Netronome Flow Processor Ethernet driver.

A logic flaw in error handling in Netronome Flow Processor Ethernet
driver could result in a use-after-free. A local attacker could use this
flaw for a denial-of-service or code execution.


* Improved update to CVE-2022-3643: Denial-of-host-service via malicious Xen netfront packet.

The Xen netback handler does not properly handle packets with protocol
headers that span multiple slots. A malicious guest might exploit this
to crash certain varieties of network interface on the host.


* Use-after-free in Android binder.

A flaw in the binder subsystem when handling the mmap() syscall after
updating the process' mm via execve could lead to a use-after-free.
A local user could use this flaw to cause a denial-of-service or
escalate privileges.


* CVE-2023-26607: Out-of-bounds memory access in the NTFS filesystem driver.

Incorrect input validation before reading record attributes in the NTFS
filesystem driver could lead to out-of-bounds memory reads.  A local user
with the ability to mount hand-crafted NTFS filesystems could use this flaw
to cause a denial-of-service or to leak kernel memory.


* CVE-2023-26605: Use-after-free in the virtual filesystem layer.

A logic error when writing back an inode at the virtual filesystem layer
could lead to a use-after-free.  A local, unprivileged user could use this
flaw to cause a denial-of-service or potentially escalate its privileges.


* CVE-2023-1382: Use-after-free in the TIPC protocol server.

Incorrect reference counting when allocating a new TIPC connection opens a
race condition which can lead to a use-after-free.  A local, unprivileged
user could use this flaw to cause a denial-of-service or escalate its
privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




