[Ksplice][Ubuntu-22.10-Updates] New Ksplice updates for Ubuntu 22.10 Kinetic (USN-5970-1)

Tue Jul 4 18:41:08 UTC 2023

Synopsis: USN-5970-1 can now be patched using Ksplice
CVEs: CVE-2022-2196 CVE-2022-42328 CVE-2022-42329 CVE-2022-4382 CVE-2023-0045 CVE-2023-0266 CVE-2023-0469 CVE-2023-1195 CVE-2023-2166 CVE-2023-23559 CVE-2023-28327

Systems running Ubuntu 22.10 Kinetic can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-5970-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 22.10
Kinetic install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2023-0045: Deficiency in existing speculative attack mitigation.

A missing branch predictor barrier leaves systems vulnerable to certain
speculative attacks.  This flaw could be exploited to leak information
from a running system.

* CVE-2023-23559: Buffer overflow in driver for RNDIS-based wireless USB devices.

A buffer overflow exists in the driver code for wireless USB devices based on
Remote Network Driver Interface Specification (RNDIS). This could allow a local
user to cause denial-of-service.

* CVE-2023-1195: Denial-of-service when using CIFS driver.

A missing pointer clearing when closing a CIFS session could use to a
use-after-free. A local attacker could use this flaw to cause a denial-
of-service.

* CVE-2022-2196: Information leak in Kernel-based Virtual Machine.

A flaw in KVM due to a missing flush of indirect branch predictors
at VM-exit time may result in a leak of information.
A nested guest VM (L2) may use this flaw to perform Spectre v2 attacks
on L1 guest VMs.

* CVE-2022-4382: Use-after-free in USB Gadget Filesystem driver.

A race condition in the gadgetfs driver when processes are concurrently
mounting and unmounting the gadgetfs filesystem may lead to a
use-after-free. A local user could use this flaw to cause a
denial-of-service or elevate privileges on the system.

* CVE-2023-0266: Use-after-free in ALSA PCM IOCTL processing.

Missing locks around certain operations can lead to a use-after-free
in the ALSA PCM driver.  This flaw could by exploited by a local
attacker to escalate their privileges.

* CVE-2023-2166: Denial-of-service when using CAN bus subsystem.

A missing check when using CAN bus subsystem could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.

* CVE-2023-28327: NULL pointer dereference in Unix socket monitoring.

A logic error in Unix socket monitoring could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a denial-of-
service.

* CVE-2023-0469: Privilege escalation in the io_uring subsystem.

A logic error in the io_uring subsystem could lead to use-after-free.
A local attacker could use this flaw to cause a denial-of-service or
escalate privileges.

* CVE-2022-42328, CVE-2022-42329, XSA-424: Denial-of-service in Xen Netback driver.

A logic flaw in Xen Netback driver when trying to free the SKB of
a dropped packet in some situations could result in a deadlock.
A local user could use this flaw for a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.