[Ksplice][Ubuntu-24.04-Updates] New Ksplice updates for Ubuntu 24.04 Noble (USN-7089-1)

Oracle Ksplice gregory.herrero at oracle.com
Fri Nov 29 10:11:56 UTC 2024


Synopsis: USN-7089-1 can now be patched using Ksplice
CVEs: CVE-2024-39487 CVE-2024-41012 CVE-2024-41015 CVE-2024-41020 CVE-2024-41027 CVE-2024-41034 CVE-2024-41035 CVE-2024-41041 CVE-2024-41042 CVE-2024-41044 CVE-2024-41060 CVE-2024-41063 CVE-2024-41067 CVE-2024-41071 CVE-2024-41072 CVE-2024-41073 CVE-2024-41076 CVE-2024-41079 CVE-2024-41082 CVE-2024-41089 CVE-2024-41090 CVE-2024-41091 CVE-2024-41093 CVE-2024-41095 CVE-2024-41096 CVE-2024-42070 CVE-2024-42077 CVE-2024-42098 CVE-2024-42101 CVE-2024-42102 CVE-2024-42106 CVE-2024-42110 CVE-2024-42114 CVE-2024-42119 CVE-2024-42145 CVE-2024-42152 CVE-2024-42225 CVE-2024-42232 CVE-2024-42280 CVE-2024-43858

Systems running Ubuntu 24.04 Noble can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-7089-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 24.04
Noble install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
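
To tell which hosts fall under the automatic case above and which still need the manual command, the check below reads the autoinstall setting from the configuration file. It is an added example, not part of the Ksplice tooling or this announcement. It assumes uptrack.conf uses "key = value" lines with "#" or ";" comments and treats only the exact value "yes" (the form quoted above) as enabled; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Ksplice code): decide whether a host installs Ksplice
# updates automatically or needs a manual "uptrack-upgrade -y" run.
# Assumption: uptrack.conf holds "key = value" lines and "#"/";" comments.

# Print the value of "autoinstall" from the given config file, or "unset"
# if the key is absent, empty, commented out, or the file is unreadable.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unset; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }              # skip whole-line comments
        {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)
            sub(/[#;].*$/, "", val)         # drop a trailing comment
            gsub(/[ \t]/, "", val)
            if (key == "autoinstall") found = val   # last occurrence wins
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Exit status 0 when a manual upgrade is needed, 1 when autoinstall is "yes".
needs_manual_upgrade() {
    if [ "$(uptrack_autoinstall "$1")" = "yes" ]; then
        return 1
    fi
    return 0
}

# Constructed sample config (not taken from a real host): the commented-out
# "yes" must be ignored, so this host still needs the manual command.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"
if needs_manual_upgrade "$sample"; then
    echo "autoinstall is off: run /usr/sbin/uptrack-upgrade -y as root"
fi
rm -f "$sample"
```

Calling needs_manual_upgrade with no argument checks /etc/uptrack/uptrack.conf on the local host.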


DESCRIPTION

* CVE-2024-39487: Information leak in bonding driver.

A missing check when using the bonding driver could lead to an out-of-bounds
memory read. A local attacker could use this flaw to extract sensitive
information.


* CVE-2024-41012, CVE-2024-41020: Information leak in POSIX file locking.

A race condition when using POSIX file locking could lead to a
use-after-free. A local attacker could use this flaw to extract
sensitive information or cause a denial-of-service.


* CVE-2024-41015: Disk corruption in OCFS2 filesystem.

A missing check when using the OCFS2 filesystem could lead to an out-of-
bounds memory access. A local attacker could use this flaw to cause disk
corruption.


* CVE-2024-41027: Denial-of-service in userfaultfd driver.

A missing check when using the userfaultfd ioctl could lead to a kernel
warning. A local attacker could use this flaw to cause a denial-of-
service by repeatedly triggering the warning.


* CVE-2024-41034: Denial-of-service in NILFS2 file system driver.

A logic error when using the NILFS2 file system driver could lead to a
kernel assertion failure. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-41035: Denial-of-service in core USB subsystem.

A logic error when using the core USB subsystem could lead to a kernel
oops. A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-41041: Denial-of-service in TCP/IP networking stack.

A race condition when using TCP/IP networking could lead to a
kernel oops. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-41042: Denial-of-service in netfilter subsystem.

A logic error when using the netfilter subsystem could lead to an
infinite loop / recursion. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-41044: Information leak in PPP (point-to-point protocol) networking stack.

A missing check when using the PPP networking stack could lead to use of
uninitialized memory. A local attacker could use this flaw to extract
sensitive information.


* CVE-2024-41060: Denial-of-service in ATI Radeon driver.

A missing check when using the ATI Radeon driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-41063: Denial-of-service in Bluetooth core driver.

A logic error in the Bluetooth core driver could lead to a
deadlock. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-41067: Denial-of-service in BTRFS filesystem.

A logic error in the BTRFS filesystem could lead to an assert
or other unspecified behavior. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-41071: Remote privilege escalation in Generic IEEE 802.11 Networking Stack (mac80211) driver.

A logic error when scanning networks in the Generic IEEE 802.11
Networking Stack (mac80211) driver could lead to an out-of-bounds memory
access. A remote attacker could use this flaw to escalate privileges.


* CVE-2024-41072: Privilege escalation in core WiFi subsystem.

A missing check when using the core WiFi subsystem could lead to an out-
of-bounds memory access. A local attacker could use this flaw to cause a
denial-of-service or potentially escalate privileges.


* CVE-2024-41073: Memory corruption in NVME driver.

A logic error when a discard request is retried in the NVME driver could
lead to a double free. A local attacker could use this flaw to cause
memory corruption or as a step in another kind of attack.


* CVE-2024-41076: Denial-of-service in NFSv4 client driver.

Missing memory release when setting xattrs in the NFSv4 client driver
could lead to a memory leak. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-41079: Information leak in NVMe over Fabrics target subsystem.

A missing structure field initialization in the NVMe over Fabrics target
code could lead to leaking data from kernel memory. An attacker could
potentially use this flaw to extract sensitive information.


* CVE-2024-41082: Denial-of-service in NVMe over Fabrics host subsystem.

A logic error in the common NVMe over Fabrics host code could lead
to exhaustion of admin queue tags, which in some scenarios could
make the kernel unresponsive. An attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-41089, CVE-2024-41095, CVE-2024-42101: Denial-of-service in nouveau driver.

A missing check when using the nouveau driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-41090, CVE-2024-41091: Information leak in Universal TUN/TAP device driver.

A missing check when using the Universal TUN/TAP device driver could
lead to an out-of-bounds memory access. A local attacker could use this
flaw to cause an information leak.


* CVE-2024-41093: Denial-of-service in AMD GPU driver.

A missing check when using the AMD GPU driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-41096: Denial-of-service in Message Signaled Interrupts (MSI) driver.

A logic error when using the Message Signaled Interrupts (MSI and MSI-X)
driver could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-42070: Privilege escalation in netfilter subsystem.

A logic error when using the netfilter subsystem could lead to a memory
leak. A local attacker could use this flaw to escalate privileges.


* CVE-2024-42077: Denial-of-service in OCFS2 file system driver.

A logic error when using the OCFS2 file system driver could lead to a
kernel panic. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-42098: Information leak in ECDH cryptographic driver.

A missing variable initialization when registering a private key in the
ECDH cryptographic driver could lead to leaking the previous value of a
private key. A local attacker could use this flaw to extract sensitive
information.


* CVE-2024-42102: Memory corruption in kernel memory manager.

An incorrect cast of a divisor when setting dirty page writeback limits in the
memory management subsystem could lead to a divide-by-zero. A local attacker
could use this flaw to cause a denial-of-service.


* CVE-2024-42106: Information leak in socket monitoring interface.

A missing variable initialization when using the socket monitoring
interface could lead to a use of uninitialized memory. A local
attacker could use this flaw to extract sensitive information.


* CVE-2024-42110: Denial-of-service in Virtual Ethernet over NTB Transport.

A logic error when using Virtual Ethernet over NTB Transport could
lead to a kernel assertion failure. An attacker could use this flaw
to cause a denial-of-service.


* CVE-2024-42114: Denial-of-service in Wireless driver.

A logic error when using the Wireless driver could lead to a deadlock. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-42119: Information leak in AMD display core driver.

A missing check when using the AMD display core driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-42145: Remote denial-of-service in InfiniBand driver.

A logic error when using the InfiniBand driver could lead to resource
exhaustion (uncontrolled resource consumption) when userspace does not
extract MAD packets at the same rate as the attacker is sending.  A
remote attacker could use this flaw to cause a denial-of-service.


* CVE-2024-42152: Denial-of-service in NVME driver.

A race condition when the client disconnects and the NVME admin connects
in the NVME driver could lead to a memory leak. An attacker could use
this flaw to cause a denial-of-service.


* CVE-2024-42225: Information leak in MediaTek MT7915E driver.

A missing variable initialization when using the MediaTek MT7915E driver
could lead to use of uninitialized memory. A local attacker could use
this flaw to extract sensitive information.


* CVE-2024-42232: Memory corruption in Ceph core library.

A logic error when using the Ceph core library could lead to a
use-after-free. A local attacker could use this flaw to cause memory
corruption.


* CVE-2024-42280: Information leak in HFC-4S/8S/E1 ISDN controller driver.

A logic error when using the HFC-4S/8S/E1 ISDN controller driver could
lead to a use-after-free. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-43858: Privilege escalation in JFS filesystem.

A missing check when using JFS could lead to an out-of-bounds memory
write. A local attacker could use this flaw to gain root privileges.


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2023-52888, CVE-2024-41021, CVE-2024-41024, CVE-2024-41025,
CVE-2024-41026, CVE-2024-41066, CVE-2024-41074, CVE-2024-41075,
CVE-2024-42088, CVE-2024-42100, CVE-2024-42108, CVE-2024-42126,
CVE-2024-42128, CVE-2024-42144, CVE-2024-42146, CVE-2024-42147,
CVE-2024-42158, CVE-2024-42230, CVE-2024-42235, CVE-2024-42248,
CVE-2024-42156, CVE-2024-42155, CVE-2024-41051

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




