[Ksplice][Ubuntu-24.04-Updates] New Ksplice updates for Ubuntu 24.04 Noble (USN-6816-1)
Oracle Ksplice
gregory.herrero at oracle.com
Wed Jul 3 12:03:21 UTC 2024
Synopsis: USN-6816-1 can now be patched using Ksplice
CVEs: CVE-2022-38096 CVE-2022-48669 CVE-2023-52647 CVE-2023-6270 CVE-2023-7042 CVE-2024-21823 CVE-2024-22705 CVE-2024-25739 CVE-2024-26654 CVE-2024-26656 CVE-2024-26657 CVE-2024-26809 CVE-2024-26814 CVE-2024-26815 CVE-2024-26816 CVE-2024-26865 CVE-2024-26866 CVE-2024-26868 CVE-2024-26870 CVE-2024-26873 CVE-2024-26874 CVE-2024-26876 CVE-2024-26877 CVE-2024-26881 CVE-2024-26886 CVE-2024-26889 CVE-2024-26890 CVE-2024-26893 CVE-2024-26898 CVE-2024-26901 CVE-2024-26943 CVE-2024-26947 CVE-2024-26951 CVE-2024-26952 CVE-2024-26957 CVE-2024-26963 CVE-2024-26965 CVE-2024-26966 CVE-2024-26967 CVE-2024-26968 CVE-2024-26969 CVE-2024-26970 CVE-2024-26971 CVE-2024-26973 CVE-2024-27028 CVE-2024-27030 CVE-2024-27031 CVE-2024-27037 CVE-2024-27050 CVE-2024-27051 CVE-2024-27068 CVE-2024-27070 CVE-2024-27076 CVE-2024-27392 CVE-2024-27432 CVE-2024-27433 CVE-2024-35803 CVE-2024-35806 CVE-2024-35818 CVE-2024-35819 CVE-2024-35827
Systems running Ubuntu 24.04 Noble can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6816-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu 24.04
Noble install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
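Added example, not part of the Oracle advisory or the Uptrack tooling: a shell check that reads an uptrack.conf-style file and reports whether the host will pick up these updates automatically or needs the manual command above. It assumes that only the value "yes" (in any letter case) enables autoinstall and that comment lines start with "#" or ";"; the function names and the sample config are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit the Ksplice Uptrack autoinstall setting on a host.
# Assumption: only the literal value "yes" (any case) enables autoinstall.

# Prints yes, no, unset or unreadable; returns 0 only when autoinstall is on.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unreadable; return 2; }
    # Skip comment lines and keep the last "autoinstall = value" assignment.
    val=$(awk -F= '
        /^[ \t]*[#;]/ { next }
        { key = $1; gsub(/[ \t]/, "", key) }
        tolower(key) == "autoinstall" {
            v = $2; gsub(/[ \t\r]/, "", v); last = tolower(v)
        }
        END { print last }' "$conf")
    case $val in
        yes) echo yes; return 0 ;;
        "")  echo unset; return 1 ;;
        *)   echo no; return 1 ;;
    esac
}

# Prints what the operator has to do on this host for USN-6816-1.
usn_action() {
    if uptrack_autoinstall "$1" >/dev/null; then
        echo "none: updates install automatically"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (not taken from a real host): the commented-out
# "yes" must be ignored, so the effective setting is "no".
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
echo "sample config: $(usn_action "$sample")"
rm -f "$sample"
```

Called without an argument, both functions read /etc/uptrack/uptrack.conf.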
DESCRIPTION
* CVE-2022-38096: Denial-of-service in DRM driver for VMware Virtual GPU.
Incorrect return status checks when using improperly initialized
rendering contexts in vmwgfx could lead to a null pointer dereference. A
local attacker could use this flaw to cause a denial-of-service.
* CVE-2023-6270, CVE-2024-26898: Use-after-free in ATA-over-Ethernet driver.
Due to incorrect handling of device refcount in the ATA-over-Ethernet
(AoE) driver, a race is possible between freeing of an AoE device and
access through associated socket buffers, leading to a use-after-free.
A local attacker can exploit this flaw to cause a denial-of-service or
execute arbitrary code.
* CVE-2023-7042: Denial-of-service in Atheros WiFi driver.
Failure to check the existence of a TLV before accessing it when
handling management tx complete events in the Atheros WiFi driver
can lead to a null-pointer dereference. A local attacker can exploit
this flaw to cause a denial-of-service.
* CVE-2024-21823: Denial-of-service in Intel Data Accelerators hardware.
A hardware flaw on Intel DSA and Intel IAA hardware could lead
to a kernel crash. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-22705: Information leak in kernel SMB server.
The kernel implementation of SMB server did not properly validate
request buffer sizes, which could lead to an out-of-bounds read
vulnerability. An attacker could use this vulnerability to cause
a denial-of-service or potentially obtain sensitive information.
* CVE-2024-25739: Denial-of-service in Unsorted block images (UBI).
Incorrect validation of logical eraseblock sizes in UBI support could lead to a
kernel crash. A local attacker could use this flaw to cause a denial-of-
service.
* CVE-2024-26656: Denial-of-service in AMD GPU driver.
Incorrect checks on parameters passed from userspace when sending an
ioctl to the AMD GPU driver could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2024-26657: Denial-of-service in AMD GPU driver.
Incorrect checks on parameters passed from userspace when sending an
ioctl to the AMD GPU driver could lead to a null pointer dereference. A
local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-26809: Denial-of-service when destroying pipapo socket.
A logic error when destroying pipapo socket could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* CVE-2024-26815: Privilege escalation in Time Aware Priority (taprio) Scheduler.
Incorrect check on parameters passed from userspace when using taprio
could lead to an out-of-bounds memory write. A local attacker could use
this flaw to escalate privileges.
* CVE-2024-26816: Information leak in /sys/kernel/notes for x86 systems.
An unprivileged attacker can read /sys/kernel/notes which contains
relocations of Xen variables. As the System.map file is also readable
by an unprivileged attacker, KASLR can be bypassed since the attacker
can find out the relative offsets and combine that with the Xen
relocation address to find the address of any kernel symbol, which
can facilitate an attack, like privilege escalation.
* CVE-2024-26865: Privilege escalation in Reliable Datagram Sockets Protocol.
A race condition when tearing down a network namespace after connecting
to a socket using the RDS protocol could lead to a use-after-free. A
local attacker could use this flaw to cause a denial-of-service or escalate
privileges.
* CVE-2024-26868: Denial-of-service in NFS client support.
Incorrect return status check when nfs4_ff_layout_prepare_ds() fails in
NFS client support could lead to a null pointer dereference. A local
attacker could use this flaw to cause a denial-of-service.
* CVE-2024-26870: Denial-of-service when listing xattr in NFS client driver.
A logic error when listing xattr in NFS client driver could lead to a
kernel assert. A local attacker could use this flaw to cause a denial-
of-service.
* CVE-2024-26886: Denial-of-service in Bluetooth subsystem support.
A race condition when using af_bluetooth could lead to a deadlock. A
local attacker could use this flaw to cause a denial-of-service.
* CVE-2024-26889: Out-of-bounds write in core Bluetooth subsystem.
When using the HCIGETDEVINFO ioctl command, a buffer overflow is
possible if the device name is bigger than expected. A remote
attacker can exploit this flaw to cause a denial-of-service or
privilege escalation.
* CVE-2024-26901: Information leak in file handle syscalls.
Incorrect initialisation in file handle code in core fs subsystem can
lead to an information leak. A local attacker can exploit this flaw to
extract sensitive information from the kernel memory or aid in other
types of attacks.
* CVE-2024-26951: Information leak in WireGuard secure network tunnel.
A race condition when dumping device information after peers were
recently removed from an interface in wireguard could lead to a use-
after-free. A local attacker could use this flaw to extract sensitive
information.
* CVE-2024-26952: Information leak in kernel SMB server.
The kernel implementation of SMB server did not properly validate
request buffer sizes, which could lead to an out-of-bounds read
vulnerability. An attacker could use this vulnerability to cause
a denial-of-service or potentially obtain sensitive information.
* CVE-2024-26973: Information leak in FAT filesystem support.
A missing variable initialization when using FAT filesystem support
could lead to exposure of uninitialized memory. A local attacker could use
this flaw to extract sensitive information.
* CVE-2024-27031: Denial-of-service in NFS client support.
A race condition when using NFS client caching support could lead to
deadlock. A local attacker could use this flaw to cause a denial-of-
service.
* CVE-2024-27070: Denial-of-service in F2FS filesystem support.
A race condition when using F2FS filesystem support could lead to a use-
after-free. A local attacker could use this flaw to cause a denial-of-
service.
* CVE-2024-27392: Privilege escalation in NVME support.
A double free error when nvme_identify_ns() fails in NVME support could
lead to a use-after-free. A local attacker could use this flaw to
escalate privileges.
* CVE-2024-35827: Information leak in IO uring support.
An integer overflow when using multishot requests in io_uring could lead
to an out-of-bounds memory access. A local attacker could use this flaw
to extract sensitive information or cause a denial of service.
* Note: Oracle will not provide a zero-downtime update for CVE-2024-26890.
An error when computing memory allocation size in the Bluetooth realtek
driver when used with a Three-wire UART (H5) device may lead to an
out-of-bounds memory write. An attacker could use this flaw to cause a
denial-of-service or escalate privileges.
Oracle has determined that patching CVE-2024-26890 on a running system
would not be safe and recommends rebooting affected hosts with an up-to-date
kernel to mitigate the vulnerability.
* Note: Oracle has determined that CVE-2022-48669 is not applicable.
The kernel is not affected by CVE-2022-48669
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2023-52647 is not applicable.
The kernel is not affected by CVE-2023-52647
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26654 is not applicable.
The kernel is not affected by CVE-2024-26654
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26814 is not applicable.
The kernel is not affected by CVE-2024-26814
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26866 is not applicable.
The kernel is not affected by CVE-2024-26866
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26873 is not applicable.
The kernel is not affected by CVE-2024-26873
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26874 is not applicable.
The kernel is not affected by CVE-2024-26874
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26876 is not applicable.
The kernel is not affected by CVE-2024-26876
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26877 is not applicable.
The kernel is not affected by CVE-2024-26877
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26881 is not applicable.
The kernel is not affected by CVE-2024-26881
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26893 is not applicable.
The kernel is not affected by CVE-2024-26893
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26943 is not applicable.
The kernel is not affected by CVE-2024-26943
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26947 is not applicable.
The kernel is not affected by CVE-2024-26947
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26957 is not applicable.
The kernel is not affected by CVE-2024-26957
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26963 is not applicable.
The kernel is not affected by CVE-2024-26963
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26965 is not applicable.
The kernel is not affected by CVE-2024-26965
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26966 is not applicable.
The kernel is not affected by CVE-2024-26966
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26967 is not applicable.
The kernel is not affected by CVE-2024-26967
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26968 is not applicable.
The kernel is not affected by CVE-2024-26968
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26969 is not applicable.
The kernel is not affected by CVE-2024-26969
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26970 is not applicable.
The kernel is not affected by CVE-2024-26970
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-26971 is not applicable.
The kernel is not affected by CVE-2024-26971
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-27028 is not applicable.
The kernel is not affected by CVE-2024-27028
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-27030 is not applicable.
The kernel is not affected by CVE-2024-27030
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-27037 is not applicable.
The kernel is not affected by CVE-2024-27037
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-27050 is not applicable.
The kernel is not affected by CVE-2024-27050
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-27051 is not applicable.
The kernel is not affected by CVE-2024-27051
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-27068 is not applicable.
The kernel is not affected by CVE-2024-27068
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-27076 is not applicable.
The kernel is not affected by CVE-2024-27076
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-27432 is not applicable.
The kernel is not affected by CVE-2024-27432
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-27433 is not applicable.
The kernel is not affected by CVE-2024-27433
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-35803 is not applicable.
The kernel is not affected by CVE-2024-35803
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-35806 is not applicable.
The kernel is not affected by CVE-2024-35806
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-35818 is not applicable.
The kernel is not affected by CVE-2024-35818
since the code under consideration is not compiled.
* Note: Oracle has determined that CVE-2024-35819 is not applicable.
The kernel is not affected by CVE-2024-35819
since the code under consideration is not compiled.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.