[Ksplice][Ubuntu-22.10-Updates] New Ksplice updates for Ubuntu 22.10 Kinetic (USN-5911-1)
Oracle Ksplice
quentin.casasnovas at oracle.com
Tue Jul 4 07:16:00 UTC 2023
Synopsis: USN-5911-1 can now be patched using Ksplice
CVEs: CVE-2022-3169 CVE-2022-3344 CVE-2022-3435 CVE-2022-3521 CVE-2022-3545 CVE-2022-3643 CVE-2022-4139 CVE-2022-4379 CVE-2022-45869 CVE-2022-47518 CVE-2022-47519 CVE-2022-47520 CVE-2022-47521 CVE-2023-0179 CVE-2023-0461 CVE-2023-0468 CVE-2023-1382 CVE-2023-26605 CVE-2023-26607
Systems running Ubuntu 22.10 Kinetic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5911-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 22.10
Kinetic install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
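The following shell helper is an added example, not part of the original advisory or of Oracle's tooling. It reads an uptrack.conf-style file and reports whether the "autoinstall = yes" condition above holds or the manual upgrade command is needed. The function names are hypothetical, and the "key = value" parsing ignores section headers as a simplifying assumption.

```shell
#!/bin/sh
# Added example (hypothetical helper names): decide whether a host relies on
# autoinstall or needs a manual "uptrack-upgrade -y" run.

# Print the effective autoinstall value from an uptrack.conf-style file.
# Prints "unset" if no uncommented autoinstall line exists, "unreadable"
# if the file cannot be read. The last uncommented assignment wins.
uptrack_autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                  # skip comment lines
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)              # "  autoinstall " -> "autoinstall"
            gsub(/^[ \t]+|[ \t]+$/, "", val)    # trim the value
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Return 0 when the admin must run the upgrade by hand (autoinstall is not
# "yes"), 1 when updates are installed automatically.
needs_manual_upgrade() {
    [ "$(uptrack_autoinstall_value "$1")" != "yes" ]
}

# Constructed sample config (not taken from a real host): the commented-out
# "yes" must be ignored, so this host still needs the manual command.
sample=$(mktemp)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$sample"
if needs_manual_upgrade "$sample"; then
    echo "autoinstall is off: run /usr/sbin/uptrack-upgrade -y as root"
fi
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf as the argument.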
DESCRIPTION
* CVE-2022-47518, CVE-2022-47519, CVE-2022-47520, CVE-2022-47521: Out-of-bounds memory access in WILC1000 wireless driver.
Improper validation of various user-supplied parameters in the WILC1000
wireless driver may lead to a heap-based buffer overflow. A local user
could use this flaw for a denial-of-service or privilege escalation.
* CVE-2022-3169: Denial-of-service in NVM Express block device.
A flaw in the ioctls of the NVM Express block device could result in a
PCIe link disconnect. A local user could use this flaw for a denial-of-service.
* CVE-2022-4379: Denial-of-service in NFS version 4 client.
A use-after-free flaw in NFS4 when handling a server-to-server copy
may cause an invalid pointer dereference. A remote attacker could use this
flaw for a denial-of-service.
* CVE-2023-0179: Denial-of-service when handling VLAN headers.
A logic error in the handling of VLAN headers in netfilter could lead to
an out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service or execute arbitrary code.
* CVE-2023-0461: Use-after-free in Upper Level Protocol.
A flaw in ULP when handling sockets entering the LISTEN state in certain
protocols may lead to a use-after-free. A local user could use this
flaw to cause a denial-of-service or elevate privileges on the system.
* CVE-2022-3344: Denial-of-service when allowing nested virtualization on AMD.
A logic error when handling nested guests from the hypervisor could lead
to a page fault on AMD. A guest attacker could use this flaw to cause a
denial-of-service.
* CVE-2022-4139: Information disclosure in Intel HD Graphics Driver.
A flaw in Intel HD Graphics Driver when flushing translation lookaside
buffers could allow access to physical memory which might be already
assigned to a different process. A local user could use this flaw for
denial-of-service or information disclosure.
* CVE-2022-45869: Denial-of-service when using virtualization with TDP MMU.
A locking error when using nested virtualization with TDP MMU enabled
could lead to a race condition. An attacker from a guest could use this
flaw to cause a denial-of-service.
* CVE-2023-0468: Denial-of-service in io_uring.
A race condition with poll_refs in io_uring can lead to a NULL pointer
dereference. A local user could use this flaw for a denial-of-service.
* CVE-2022-3435: Information disclosure in IPv4.
A flaw in the ioctls of IPv4 could result in out-of-bounds read access.
A local user could use this flaw for information disclosure.
* CVE-2022-3521: Denial-of-service in Kernel Connection Multiplexor.
A flaw in the implementation of Kernel Connection Multiplexor sockets
could lead to a race condition when releasing sockets in some situations.
A local attacker could use this flaw to cause a denial-of-service.
* CVE-2022-3545: Use-after-free in Netronome Flow Processor Ethernet driver.
A logic flaw in error handling in Netronome Flow Processor Ethernet
driver could result in a use-after-free. A local attacker could use this
flaw for a denial-of-service or code execution.
* Improved update to CVE-2022-3643: Denial-of-host-service via malicious Xen netfront packet.
The Xen netback handler does not properly handle packets with protocol
headers that span multiple slots. A malicious guest might exploit this
to crash certain varieties of network interface on the host.
* Use-after-free in Android binder.
A flaw in the binder subsystem when handling the mmap() syscall after
updating the process' mm via execve could lead to a use-after-free.
A local user could use this flaw to cause a denial-of-service or
escalate privileges.
* CVE-2023-26607: Out-of-bounds memory access in the NTFS filesystem driver.
Incorrect input validation before reading record attributes in the NTFS
filesystem driver could lead to out-of-bounds memory reads. A local user
with the ability to mount hand-crafted NTFS filesystems could use this flaw
to cause a denial-of-service or to leak kernel memory.
* CVE-2023-26605: Use-after-free in the virtual filesystem layer.
A logic error when writing back an inode at the virtual filesystem layer
could lead to a use-after-free. A local, unprivileged user could use this
flaw to cause a denial-of-service or potentially escalate their privileges.
* CVE-2023-1382: Use-after-free in the TIPC protocol server.
Incorrect reference counting when allocating a new TIPC connection opens a
race condition which can lead to a use-after-free. A local, unprivileged
user could use this flaw to cause a denial-of-service or escalate their
privileges.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.