[Ksplice][Ubuntu-Oracle-Updates] New Ksplice updates for Ubuntu OCI kernel (USN-4162-1)
Oracle Ksplice
ksplice-support_ww at oracle.com
Tue Oct 22 06:37:20 PDT 2019
Synopsis: USN-4162-1 can now be patched using Ksplice
CVEs: CVE-2018-21008 CVE-2019-14814 CVE-2019-14815 CVE-2019-14816 CVE-2019-14821 CVE-2019-15117 CVE-2019-15118 CVE-2019-15505 CVE-2019-15902
Systems running Ubuntu OCI kernel can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-4162-1.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Ubuntu OCI
kernel install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Memory leak when receiving frontend notification in Xen block-device backend driver.
A missing free of resources when receiving frontend notification in Xen
block-device backend driver could lead to a memory leak. A local
attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.
* CVE-2019-15118: Stack overflow when checking input source type in ALSA USB driver.
A logic error when checking input source type in ALSA USB driver could
lead to a stack overflow. A local attacker could use this flaw to cause
a denial-of-service.
* CVE-2019-15117: Out-of-bounds access when parsing USB descriptor in ALSA USB driver.
A missing check when parsing USB descriptor in ALSA USB driver could
lead to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.
* Use-after-free in sound sequencer driver when deleting pools.
A missing locking when deleting pools in sound sequencer driver from
user space could lead to a use-after-free. A local attacker could use
this flaw to cause a denial-of-service.
* Use-after-free when disconnecting USB Wireless device.
A race condition when disconnecting USB Wireless device while transfers
are on-going could lead to a use-after-free. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.
* Memory leak when adding a station in mac80211 stack fails.
A logic error when adding a station in mac80211 stack fails could lead
to a memory leak. A local attacker could use this flaw to exhaust kernel
memory and cause a denial-of-service.
* CVE-2019-15902: Bounds-check bypass in sys_ptrace().
An error when backporting original Spectre v1 fix for ptrace in stable
kernels makes it vulnerable to Spectre v1. A local attacker could
exploit this flaw to gain information about the running system.
* NULL pointer dereference when sending ICMP packets with a particular configuration.
A missing check when sending ICMP packets with a particular configuration could
lead to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.
* Memory leak when setting up a request in Cavium LiquidIO driver.
A missing free of resources when setting up a request in Cavium LiquidIO
driver could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.
* Memory leak when creating resources in Mellanox ConnectX HCA driver.
A missing free of resources in error path when creating resources in
Mellanox ConnectX HCA driver could lead to a memory leak. A local
attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.
* Use-after-free when setting xattr in Ceph distributed file system.
A logic error when setting xattr in Ceph distributed file system could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.
* Use-after-free when dropping packets in netpoll.
A logic error when dropping packets in netpoll could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* Memory leak when setting IPv6 multicast socket options.
A logic missing free of resources when setting IPv6 multicast socket
options could lead to a memory leak. A local attacker could use this
flaw to exhaust kernel memory and cause a denial-of-service.
* Memory leak when looking up an invalid cell name in Andrew File System driver.
A missing free of resources in error path when looking up an invalid
cell name in Andrew File System driver could lead to a memory leak. A
local attacker could use this flaw to exhaust kernel memory and cause a
denial-of-service.
* NULL pointer dereference when scrubbing a BTRFS filesystem.
A missing initialization when scrubbing a BTRFS filesystem could lead to
a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.
* Denial-of-service during page writeback on BTRFS filesystem.
A logic error during page writeback on BTRFS filesystem could lead to a
deadlock. A local attacker could use this flaw to cause a
denial-of-service.
* Denial-of-service when using block device as cache driver.
A kernel assert when using block device as cache driver could lead to a
kernel panic. A local attacker could use this flaw to cause a
denial-of-service.
* Invalid write access for mapped pages in MLX5 driver.
A logic error in the mlx5 page fault handler could incorrectly give write
access to mapped pages instead of read-only.
* Guest VM leaks bits into host control register, causing host to panic.
In the event that a guest VM schedules out during a machine check error,
the host's XCR0 register may get populated with incorrect values. This
will cause a general protection fault on the host, leading to a
denial-of-service.
* Out-of-bounds access during CIFS mount.
A subtle error in handling certain combinations of mount options can
cause a out-of-bounds access in the CIFS mount path. This could cause
a system to exhibit unexpected behavior, and may lead to a
denial-of-service.
* Use-after-free in Thin provisioning target driver.
A logic error in Thin provisioning target driver could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.
* Out-of-bounds access in CAPI2.0 driver.
A logic error when writing to CAPI2.0 device could lead to an
out-of-bounds access. A local attacker could use this flaw to cause a
denial-of-service.
* Out-of-bounds memory access during btrfs image validation.
A failure to properly check the length of a particular string when
validating a btrfs image can lead to an out-of-bounds read. A local
attacker could potentially craft a special image to exploit this flaw,
which could cause a system to exhibit unexpected behavior.
* Denial-of-service during fsync on btrfs filesystem.
A reference count error during fsync on btrfs filesystem could lead to a
use-after-free or a kernel assert. A local attacker could use this flaw
to cause a denial-of-service.
* Information leak when emulating VMPTRST in KVM.
A missing zeroing of on-stack data on host side when emulating VMPTRST
in KVM could lead to an information leak. A local attacker from a guest
could use this flaw to leak information about the host an facilitate an
attack.
* Out-of-bounds access during USB device reset.
A logic error during USB device reset could lead to an out-of-bounds
access. A local attacker could use this flaw to cause a
denial-of-service.
* Double free when disconnecting TV Master TM5600/6000/6010 USB device.
A logic error when disconnecting TV Master TM5600/6000/6010 USB device
while transfers are on-going could lead to a double free. A local
attacker could use this flaw to cause a denial-of-service.
* NULL pointer dereference in Xen network device error handling.
Incorrect error handling when filling fragments for a Xen network device
could result in a NULL pointer dereference and kernel crash.
* CVE-2019-14821: Denial-of-service in KVM MMIO coalesced writes.
An out-of-bounds access to the coalesced MMIO ring buffer could result
in a kernel crash. A malicious guest could use this flaw to crash the
hypervisor or potentially, escalate privileges.
* Improved fix for Spectre v1: Bounds check bypass in nl80211 CQM RSSI.
A missing use of the indirect call protection macro in the Netlink 802.11
code when updating the cqm rssi parameters could lead to speculative
execution. A local attacker could use this flaw to leak information about
the running system.
* Out-of-bounds access when reading packaets in B.A.T.M.A.N. V protocol driver.
A logic error when reading packaets in B.A.T.M.A.N. V protocol driver
could lead to an out-of-bounds access. A local attacker could use this
flaw to cause a denial-of-service.
* NULL pointer dereference when accessing a revoked key.
A missing check when accessing a revoked key could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.
* Invalid memory access in floppy disk driver.
A logic error when copying data to userspace from floppy disk driver
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.
* Stack corruption when invoking elf loader directly.
A logic error in the memory mapping of a process when invoking an elf
loader directly could lead to a leak of the heap region to the stack
region and corrupt the stack. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2018-21008: Use-after-free when de-initializing mac80211 stack in Redpine Signals Inc 91x WLAN driver.
A logic error when de-initializing mac80211 stack in Redpine Signals Inc
91x WLAN driver could lead to a use-after-free. A local attacker could
use this flaw to cause a denial-of-service.
* NULL pointer dereference when removing publication info in TIPC driver.
A logic error when removing publication info in TIPC driver could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2019-14814, CVE-2019-14815, CVE-2019-14816: Denial-of-service when parsing access point settings in Marvell WiFi-Ex driver.
Logic errors when parsing access point settings in Marvell WiFi-Ex
driver could lead to buffer overflows. A local attacker could use this
flaw to cause a denial-of-service.
* CVE-2019-15505: Out-of-bounds access in Technisat DVB-S/S2 USB2.0 driver.
A logic error when receiving data over Technisat DVB-S/S2 USB2.0 driver
could lead to an out-of-bounds access. A remote attacker could use this
flaw to cause a denial-of-service.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.
More information about the Ksplice-Ubuntu-Oracle-Updates
mailing list