[Ksplice][Ubuntu-24.04-Updates] New Ksplice updates for Ubuntu 24.04 Noble (USN-6999-1)

Oracle Ksplice gregory.herrero at oracle.com
Tue Oct 8 09:27:45 UTC 2024


Synopsis: USN-6999-1 can now be patched using Ksplice
CVEs: CVE-2024-36244 CVE-2024-36281 CVE-2024-36286 CVE-2024-36288 CVE-2024-36477 CVE-2024-36489 CVE-2024-36971 CVE-2024-36972 CVE-2024-36978 CVE-2024-37354 CVE-2024-38618 CVE-2024-38630 CVE-2024-38659 CVE-2024-38663 CVE-2024-39276 CVE-2024-39463 CVE-2024-39489 CVE-2024-39490 CVE-2024-39493 CVE-2024-39494 CVE-2024-39496 CVE-2024-39497 CVE-2024-39499 CVE-2024-39502 CVE-2024-39503 CVE-2024-40901 CVE-2024-40904 CVE-2024-40905 CVE-2024-40911 CVE-2024-40912 CVE-2024-40914 CVE-2024-40920 CVE-2024-40921 CVE-2024-40928 CVE-2024-40936 CVE-2024-40937 CVE-2024-40939 CVE-2024-40942 CVE-2024-40954 CVE-2024-40957 CVE-2024-40958 CVE-2024-40959 CVE-2024-40960 CVE-2024-40961 CVE-2024-40969 CVE-2024-40971 CVE-2024-40981 CVE-2024-40983 CVE-2024-40990 CVE-2024-40995 CVE-2024-41040

Systems running Ubuntu 24.04 Noble can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-6999-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu 24.04
Noble install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2024-36244: Denial-of-service in Time Aware Priority (taprio) Scheduler driver.

A logic error when using the Time Aware Priority (taprio) Scheduler
driver could lead to a deadlock. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-36281: Denial-of-service in Mellanox driver.

A logic error when using the Mellanox driver could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-36286: Denial-of-service in netfilter subsystem.

A missing read lock in the netfilter subsystem when unbinding a program
from a specific queue could lead to flushing in an incorrect way. A
local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-36288: Memory corruption in SUNRPC GSS driver.

A missing check when using the SUNRPC GSS driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
cause memory corruption.


* CVE-2024-36477: Data corruption in TPM driver.

An incorrect buffer allocation size in the TPM Hardware support driver
could lead to an out-of-bounds memory access during SPI transfer
buffer access. A local attacker could use this flaw to cause data
corruption.


* CVE-2024-36489: Denial-of-service in Transport Layer Security support.

A race condition when initializing Upper Layer Protocols (ULPs) over TCP
sockets for Transport Layer Security support could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-36971: Remote code execution in TCP/IP networking stack.

A logic error when using the TCP/IP networking stack could lead to a use-
after-free. A remote attacker could use this flaw to execute arbitrary
code in kernel mode.


* CVE-2024-36972: Denial-of-service in the Unix socket subsystem.

A locking error when using the Unix socket subsystem could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-36978: Privilege escalation in MULTIQ driver.

A logic error when using the MULTIQ driver could lead to an
out-of-bounds memory write. A local attacker could use this flaw to
escalate privileges.


* CVE-2024-37354: Denial-of-service in Btrfs filesystem driver.

A logic error when preallocating extents in the Btrfs filesystem driver
could lead to a kernel panic. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-38618: Denial-of-service in the core sound subsystem (ALSA).

A missing check in the timer code of the core sound subsystem (ALSA)
could lead to tasks being stalled. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-38630: Privilege escalation in SMA CPU5 Watchdog driver.

A logic error when unloading the SMA CPU5 Watchdog driver could lead to
a use-after-free. A local attacker could use this flaw to escalate
privileges.


* CVE-2024-38659: Information leak in Cisco VIC Ethernet driver.

A missing check when using the Cisco VIC Ethernet driver could lead to
an out-of-bounds memory read. A local attacker could use this flaw to
extract sensitive information.


* CVE-2024-38663: Denial-of-service in block IO controller cgroup interface.

A logic error in the generic block IO controller cgroup interface when resetting
io stats could lead to internal data structure corruption. A local attacker
could use this flaw to cause memory corruption.


* CVE-2024-39276: Resource leak in ext4 filesystem.

Incorrect reference counting when using the ext4 filesystem could lead
to a reference count leak. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-39463: Privilege escalation in Plan 9 Resource Sharing driver.

A missing check when releasing a dentry in the Plan 9 Resource Sharing
driver could lead to a use-after-free. A local attacker could use this
flaw to escalate privileges.


* CVE-2024-39489: Denial-of-service in IPv6 HMAC Segment Routing.

A missing check when using IPv6 HMAC Segment Routing could lead to a
memory leak. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-39490: Denial-of-service in IPv6 Segment Routing.

A logic error when adding the Segment Routing Header to an IPv6 packet could
lead to a memory leak. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-39493: Denial-of-service in Cryptographic API using Intel QAT.

A logic error in the Cryptographic API using Intel QuickAssist Technology could
lead to a memory leak. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-39494: Denial-of-service in Integrity Measurement Architecture (IMA) driver.

A logic error when using the Integrity Measurement Architecture (IMA)
driver could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2024-39496: Denial-of-service in Zoned block device driver.

A locking error when replacing a device in the Zoned block device driver
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-39497: Denial-of-service in GEM shmem helper driver.

A missing check when using the GEM shmem helper driver could lead to a
kernel panic. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-39499: Information leak in VMware VMCI Driver.

A logic error when using the VMware VMCI Driver could lead to an out-of-
bounds memory access. A local attacker could use this flaw to extract
sensitive information.


* CVE-2024-39502: Denial-of-service in Pensando Ethernet IONIC driver.

A logic error when using the Pensando Ethernet IONIC driver could lead
to a kernel assert. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-39503: Privilege escalation in netfilter (IP set) subsystem.

A race condition when using the netfilter (IP set) subsystem could lead to a
use-after-free. A local attacker could use this flaw to escalate
privileges.


* CVE-2024-40901: Memory corruption in LSI Fusion-MPT SAS driver.

A logic error when using the LSI Fusion-MPT SAS driver could lead to an
out-of-bounds memory access. A local attacker could use this flaw to
cause memory corruption.


* CVE-2024-40904: Denial-of-service in core USB subsystem.

A logic error when using the core USB subsystem could lead to a soft
lockup due to excessive logging. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-40905: Denial-of-service in IPv6 networking stack.

A race condition when using the IPv6 networking stack could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-40911: Denial-of-service in 802.11 Wireless driver.

A locking error when using the 802.11 Wireless driver could lead to
a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-40912: Denial-of-service in core WiFi subsystem.

A logic error when using the core WiFi subsystem could lead to a
deadlock. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-40914: Denial-of-service in memory management subsystem.

A missing check when unpoisoning huge zero pages in the memory
management subsystem could lead to a kernel assertion failure.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-40920, CVE-2024-40921: Memory corruption in VLAN filtering driver.

A race condition when using the Multiple Spanning Tree (MST) mode
of the VLAN filtering driver could lead to a use-after-free. An
attacker could use this flaw to cause memory corruption or as a
step in another kind of attack.


* CVE-2024-40928: Denial-of-service in core net subsystem.

A missing check in the networking driver when using ethtool could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2024-40936: Denial-of-service in CXL driver.

A logic error when using the CXL driver could lead to a memory leak.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-40937: Denial-of-service in Google Virtual NIC driver.

A missing check when using the Google Virtual NIC driver could lead to a
use-after-free. A local attacker could use this flaw to cause a denial-
of-service.


* CVE-2024-40939: Memory corruption in IOSM Driver for Intel M.2 WWAN.

A logic error when using the IOSM Driver for Intel M.2 WWAN could lead
to the release of unallocated memory. A local attacker could use this
flaw to corrupt internal data structures.


* CVE-2024-40942: Resource leak in core WiFi subsystem.

A logic error when using the core WiFi subsystem could lead to a memory
leak. A local attacker could use this flaw to cause a denial-of-service.


* CVE-2024-40954: Memory corruption in core net subsystem.

A missing check for a socket creation failure in the networking driver
could lead to a use-after-free. A local attacker could use this flaw to
cause memory corruption or as a step in other kinds of attack.


* CVE-2024-40957: Denial-of-service in IPv6 Segment Routing Header encapsulation.

A logic error when using the IPv6 Segment Routing Header encapsulation
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2024-40958: Denial-of-service in core net subsystem.

A logic error when using the core net subsystem could lead to a use-
after-free. A local attacker could use this flaw to cause a denial-of-
service.


* CVE-2024-40959, CVE-2024-40960, CVE-2024-40961: Denial-of-service in IPv6 networking stack.

Missing checks when using the IPv6 networking stack could lead to NULL
pointer dereferences. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-40969: Denial-of-service in F2FS filesystem driver.

A logic error when shutting down an F2FS filesystem could lead to a
deadlock. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-40971: Data corruption in F2FS filesystem driver.

A logic error when using the F2FS filesystem driver could lead to
invalid mount options. A local attacker could use this flaw to cause
data corruption.


* CVE-2024-40981: Denial-of-service in BATMAN protocol stack.

A missing check when using the BATMAN protocol stack could lead to a
soft lockup. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-40983: Denial-of-service in TIPC Protocol driver.

Incorrect reference counting when using the TIPC Protocol driver could
lead to a kernel crash. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2024-40990: Privilege escalation in Mellanox 5th generation network adapter (ConnectX series) driver.

A logic error when using the Mellanox 5th generation network adapter
(ConnectX series) driver could lead to an out-of-bounds memory access. A
local attacker could use this flaw to escalate privileges.


* CVE-2024-40995: Denial-of-service in networking traffic control actions stack.

A logic error when using the networking traffic control actions stack
could lead to a deadlock. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2024-41040: Memory corruption in tc connection tracking action subsystem.

A logic error when using the tc connection tracking action subsystem
could lead to a use-after-free. A local attacker could use this flaw to
cause memory corruption.


* Note: Oracle has determined some CVEs are not applicable.

The kernel is not affected by the following CVEs
since the code under consideration is not compiled.

CVE-2024-39488, CVE-2024-40953, CVE-2024-40989, CVE-2024-41004

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
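
The entries under DESCRIPTION share one layout ("* CVE-...: <impact> in
<component>." followed by a wrapped paragraph), so they can be parsed to
order patch verification. This is an added example, not part of Oracle's
advisory; the function names, the sort order and the trimmed sample are
assumptions of the example.

```python
import re

# Constructed sample: three entries copied from the advisory text, blank separators trimmed.
SAMPLE = """\
* CVE-2024-36971: Remote code execution in TCP/IP networking stack.

A logic error when using the TCP/IP networking stack could lead to a use-
after-free. A remote attacker could use this flaw to execute arbitrary
code in kernel mode.
* CVE-2024-40920, CVE-2024-40921: Memory corruption in VLAN filtering driver.

A race condition when using the Multiple Spanning Tree (MST) mode
of the VLAN filtering driver could lead to a use-after-free. An
attacker could use this flaw to cause memory corruption or as a
step in another kind of attack.
* CVE-2024-40936: Denial-of-service in CXL driver.

A logic error when using the CXL driver could lead to a memory leak.
A local attacker could use this flaw to cause a denial-of-service.
"""

HEADER = re.compile(r"^\* ((?:CVE-\d{4}-\d+(?:, )?)+): (.+?) in (.+?)\.?$")
# Triage orders are this example's assumption, not a ranking from the advisory.
VECTORS = ("remote", "unspecified", "local")
IMPACT_RANK = ["Remote code execution", "Privilege escalation", "Memory corruption",
               "Information leak", "Data corruption", "Denial-of-service", "Resource leak"]

def parse_entries(text):
    """Return one dict per '* CVE-...: <impact> in <component>.' entry."""
    entries = []
    for block in re.split(r"(?m)^(?=\* )", text):  # one block per '* ' bullet
        head, _, body = block.partition("\n")
        m = HEADER.match(head)
        if not m:  # preamble, or a non-CVE bullet such as "* Note:"
            continue
        # Re-join words hyphenated across the line wrap, then flatten whitespace.
        summary = " ".join(re.sub(r"-\n", "-", body).split())
        vector = next((v for v in ("remote", "local") if f"{v} attacker" in summary), "unspecified")
        entries.append({"cves": m.group(1).split(", "), "impact": m.group(2),
                        "component": m.group(3), "vector": vector, "summary": summary})
    return entries

def triage(entries):
    """Most exposed first: by attack vector, then by impact class."""
    rank = lambda e: IMPACT_RANK.index(e["impact"]) if e["impact"] in IMPACT_RANK else len(IMPACT_RANK)
    return sorted(entries, key=lambda e: (VECTORS.index(e["vector"]), rank(e)))

if __name__ == "__main__":
    for e in triage(parse_entries(SAMPLE)):
        print(f'{e["vector"]:<12}{e["impact"]:<24}{", ".join(e["cves"])} ({e["component"]})')
```

Entries whose text names neither a local nor a remote attacker are
reported as "unspecified" and sorted ahead of the local-only ones.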




