[Ksplice][Ubuntu-Oracle-Updates] New Ksplice updates for Ubuntu OCI kernel (USN-4068-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Jul 31 04:04:28 PDT 2019


Synopsis: USN-4068-1 can now be patched using Ksplice
CVEs: CVE-2019-11085 CVE-2019-11815 CVE-2019-11833 CVE-2019-11884

Systems running Ubuntu OCI kernel can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-4068-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu OCI
kernel install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
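
As an added example (not part of the Oracle advisory or the Uptrack tooling), the following script reports which of the two cases above applies to a host. It assumes uptrack.conf holds one "key = value" setting per line, that the last autoinstall line wins, and that only the literal value "yes" enables automatic installation; the function names and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumptions: INI-style "key = value" lines,
# full-line comments start with # or ;, and the last autoinstall line wins.

# Print "yes" only if the file sets autoinstall to exactly "yes".
# Unreadable file, missing key, or any other value (including "yes" followed
# by trailing text) prints "no": wrongly answering "no" only costs a manual
# upgrade run, while wrongly answering "yes" could leave a host unpatched.
autoinstall_value() {
    [ -r "$1" ] || { echo no; return 0; }
    val=$(sed -n \
        -e '/^[#;]/d' \
        -e 's/[[:space:]]*$//' \
        -e 's/^autoinstall[[:space:]]*=[[:space:]]*//p' \
        "$1" | tail -n 1)
    if [ "$val" = yes ]; then echo yes; else echo no; fi
}

# Print "auto" if Uptrack will install the updates itself, else "manual".
patch_action() {
    if [ "$(autoinstall_value "$1")" = yes ]; then echo auto; else echo manual; fi
}

# Constructed sample config (not taken from a real host) for trying this out.
# The [Settings] section name is an assumption.
write_sample_conf() {
    cat > "$1" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
}

# Report on the path given as $1, or on the path named in the advisory.
conf=${1:-/etc/uptrack/uptrack.conf}
if [ "$(patch_action "$conf")" = auto ]; then
    echo "$conf: autoinstall = yes, updates will be installed automatically"
else
    echo "$conf: autoinstall not enabled, run: /usr/sbin/uptrack-upgrade -y"
fi
```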


DESCRIPTION

* Out-of-bounds memory access in authenticated encryption key parsing.

A logic error when reading unaligned keys for authenticated encryption can lead
to an integer underflow and result in an out-of-bounds memory access, leading to
a kernel crash. A local user could use this flaw to cause a denial-of-service.


* CVE-2019-11884: Information leak in Bluetooth HIDP HIDPCONNADD ioctl().

Missing string termination in the Bluetooth HIDP HIDPCONNADD ioctl()
could result in leaking the contents of the kernel stack to a local
user.


* CVE-2019-11085: Privilege escalation in i915 KVM passthrough driver.

A validation failure in the i915 passthrough graphics driver could allow a
guest VM to access host memory, leading to a kernel crash or potentially
privilege escalation.


* Integer overflow when building the bitmap of idle pages.

An integer overflow when aligning the last page frame number of a file
mapped in memory when building the bitmap of idle pages could lead to
undefined behaviour.  A local attacker could use this flaw to cause a
kernel crash or potentially access memory otherwise protected.


* Denial-of-service when deleting Traffic-Control Index filters.

A logic error when deleting Traffic-Control Index filters could lead to
a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2019-11833: Information leak in ext4 extent tree block.

A missing zeroing of uninitialized memory in ext4 extent tree block
could lead to an information leak. A local attacker could use this flaw
to leak information about the running kernel and facilitate an attack.


* Information leak in block subsystem core.

A failure to zero out a buffer before copying it to userspace can lead
to kernel memory being leaked to userspace.  A malicious attacker could
exploit this flaw to gain information about the running system.


* Buffer overflow when parsing some /proc/sys entries.

A logic error when parsing some /proc/sys entries could lead to a buffer
overflow. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2019-11815: Use-after-free in RDS socket creation.

A logic error in the RDS code could fail to properly clean up a socket once
it is destroyed, which could then lead to a use-after-free on a new socket
creation.  This could be used to cause a denial-of-service.


* Race condition when updating page table entries.

Compiler optimizations can lead to multiple writes when setting PTEs, resulting
in a race condition with a potentially misconfigured PTE in the process page
tables. A local user could use this flaw to cause a kernel crash or leak
information from the kernel.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
