[Ksplice][Ubuntu-Oracle-Updates] New Ksplice updates for Ubuntu OCI kernel (USN-4345-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Apr 30 10:51:34 PDT 2020


Synopsis: USN-4345-1 can now be patched using Ksplice
CVEs: CVE-2019-16234 CVE-2019-19768 CVE-2020-10942 CVE-2020-11608 CVE-2020-11609 CVE-2020-11668 CVE-2020-2732 CVE-2020-8647 CVE-2020-8648 CVE-2020-8649 CVE-2020-9383

Systems running Ubuntu OCI kernel can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-4345-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu OCI
kernel install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2020-9383: Information leak in the floppy disk driver.

A flaw in the floppy driver could lead to an out-of-bounds read causing
an information leak when assigning the floppy disk controller.


* CVE-2020-10942: Out-of-bounds memory access in the Virtual host driver.

Insufficient input validation could lead to type confusion and
out-of-bounds memory accesses.  A local unprivileged user could use this
to cause a denial-of-service or potentially escalate privileges.


* CVE-2020-11608: NULL pointer dereference when initializing USB GSPCA based webcams.

A missing check on exposed endpoint numbers from USB GSPCA based webcams
could lead to a NULL pointer dereference. A local attacker could use a
malicious USB device to cause a denial-of-service.


* CVE-2020-11609: NULL pointer dereference when initializing STV06XX USB Camera device.

A missing check on USB endpoints when initializing an STV06XX USB camera
device could lead to a NULL pointer dereference. A local attacker could
use this flaw and a malicious USB device to cause a denial-of-service.


* CVE-2020-11668: NULL pointer dereference when initializing Xirlink C-It USB camera device.

A missing check on USB endpoints when initializing a Xirlink C-It USB
camera device could lead to a NULL pointer dereference. A local attacker
could use this flaw and a malicious USB device to cause a
denial-of-service.


* CVE-2020-8648: Use-after-free in the virtual terminal driver.

A locking error in the virtual terminal driver could lead to a
use-after-free. A local attacker could use this flaw to cause a denial-
of-service or escalate privileges.


* CVE-2020-8647, CVE-2020-8649: Use-after-free in the VGA text console driver.

A missing check when resizing the console in the VGA text console driver
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.


* Denial-of-service when destroying iscsi session.

A logic error when a user destroys an iSCSI session while a connection
is still open could lead to a kernel assertion failure. A local attacker
could use this flaw to cause a denial-of-service.


* NULL pointer dereference when closing FORE Systems 200E-series socket.

A missing check when closing a FORE Systems 200E-series socket while
data is being sent over it could lead to a NULL pointer dereference. A
local attacker could use this flaw to cause a denial-of-service.


* Information leak in the SMC socket monitoring interface.

A missing zeroing of data when using the SMC socket monitoring interface
could leak kernel data. A local attacker could use this flaw to leak
information about the running kernel and facilitate a further attack.


* NULL pointer dereference when using Elastic Network Adapter driver.

A missing check on user input when calling "ethtool -X" without any hkey
on an Elastic Network Adapter interface could lead to a NULL pointer
dereference. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when using DM Cache.

A logic error when using DM Cache could lead to a use-after-free. A
local attacker could use this flaw to cause a denial-of-service.


* Deadlock when using too many slaves in IP-VLAN driver.

A logic error when using too many slaves in the IP-VLAN driver could
lead to a deadlock. A local attacker could use this flaw to cause a
denial-of-service.


* Invalid memory access when sending messages over bonding socket.

A logic error when sending messages over a bonding socket could lead to
an invalid memory access. A local attacker could use this flaw to cause
a denial-of-service.


* Denial-of-service when receiving IPV4 packets over SLIP network device.

Missing checks when receiving IPv4 packets over a SLIP network device
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.


* Deadlock when using too many slaves on a MAC-VLAN socket.

A logic error when using too many slaves on a MAC-VLAN socket could lead
to a deadlock. A local attacker could use this flaw to cause a
denial-of-service.


* Improved fix for CVE-2020-2732: Privilege escalation in Intel KVM nested emulation.

The original fix for CVE-2020-2732 prevented a Windows guest with Hyper-V
enabled from booting.


* NULL pointer dereference when transforming ipv6 socket to ipv4 socket.

A missing check when transforming an IPv6 socket into an IPv4 socket
could lead to a NULL pointer dereference. A local attacker could use
this flaw to cause a denial-of-service.


* Use-after-free when registering RmNet MAP interface.

A missing check when registering an RmNet MAP interface could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Deadlock when receiving data over Line 6 POD USB device.

A logic error when receiving data over a Line 6 POD USB device could
lead to a deadlock. A local attacker could use this flaw and a malicious
USB device to cause a denial-of-service.


* Invalid memory access when using Speakup screen reader.

A logic error when using the Speakup screen reader could lead to an
invalid memory access. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when adding High-availability Seamless Redundancy device.

A logic error when adding a High-availability Seamless Redundancy device
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.


* Invalid memory access when using IEEE 802.1AE MAC-level encryption.

A missing check when registering a new link in the IEEE 802.1AE
MAC-level encryption driver could lead to an invalid memory access. A
local attacker could use this flaw to cause a denial-of-service.


* Use-after-free when changing route in route4 classifier driver.

A logic error when changing a route in the route4 classifier driver
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service.


* Out-of-bounds access on tcindex change in network packet classifier.

A logic error when changing a tcindex entry in the network packet
classifier could lead to an out-of-bounds access. A local attacker could
use this flaw to cause a denial-of-service.


* Memory leak in control plane of eCryptfs.

A memory leak in eCryptfs (Enterprise Cryptographic Filesystem) allowed
a malicious user to waste kernel memory, which could result in an
out-of-memory situation. A local, unprivileged user could use this flaw
to exhaust the memory on the system and cause a denial-of-service.


* Denial-of-service in tty device initialization.

A NULL pointer dereference in tty device registration could result in
a kernel crash when repeatedly performing a certain sequence of tty
device registration/deregistration. A local, privileged user could use
this flaw to crash the system.


* Denial of service in control plane of netfilter.

Netfilter receives a hash table from userspace, but it did not validate
the hash table size, which could cause an out-of-memory situation. A
local user could use this flaw to cause a kernel crash.


* Denial-of-service in Btrfs filesystem when reading a filesystem tree.

Failure to reset a pointer to NULL in the Btrfs filesystem when reading
a filesystem tree leads to an invalid memory access through a pointer
that holds an error code rather than a valid address.  An attacker could
use this flaw to cause a denial-of-service through a specially crafted
filesystem.


* Memory corruption due to snprintf misuse in HD-audio driver.

A flaw in the HD-audio driver due to misuse of the snprintf return value
could lead to memory corruption and a kernel crash.
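The pitfall behind this class of bug, as an added user-space illustration (not the HD-audio driver's code): snprintf returns the length the output would have had, so advancing a buffer offset by that value can push it past the end, after which the "remaining size" wraps and the next write lands out of bounds. The buggy loop is shown beside a bounded variant modelled on the kernel's scnprintf semantics; SAMPLE_ITEMS and BUF_LEN are constructed for the demonstration.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define BUF_LEN 16
#define SAMPLE_N 4
/* Constructed sample input: the four items need 26 bytes, the buffer has 16. */
static const char *const SAMPLE_ITEMS[SAMPLE_N] = {"alpha", "bravo", "charlie", "delta"};

struct overrun { size_t pos; size_t remaining; int overran; };

/* Buggy pattern: offset += snprintf(...). To stay memory-safe, the loop stops
 * where the real code would have handed snprintf a zero or wrapped size, and
 * reports the offset and that size instead of writing through it. */
struct overrun buggy_format(const char *const *items, int n)
{
    char buf[BUF_LEN];
    struct overrun r = {0, BUF_LEN, 0};
    for (int i = 0; i < n; i++) {
        if (r.pos >= BUF_LEN) {            /* BUF_LEN - pos is 0 or has wrapped */
            r.remaining = BUF_LEN - r.pos;
            r.overran = 1;
            return r;
        }
        r.pos += (size_t)snprintf(buf + r.pos, BUF_LEN - r.pos, "%s,", items[i]);
    }
    r.remaining = BUF_LEN - r.pos;
    return r;
}

/* Hardened form: return the number of characters actually stored (at most
 * size - pos - 1), so the offset never passes the terminator and the
 * remaining size never wraps. This mirrors scnprintf(), not snprintf(). */
static size_t bounded_append(char *buf, size_t size, size_t pos, const char *s)
{
    if (pos >= size)
        return pos;
    int ret = snprintf(buf + pos, size - pos, "%s,", s);
    if (ret < 0)
        return pos;
    size_t avail = size - pos - 1;
    return pos + ((size_t)ret < avail ? (size_t)ret : avail);
}

size_t safe_format(char *out, size_t size, const char *const *items, int n)
{
    size_t pos = 0;
    if (size == 0)
        return 0;
    out[0] = '\0';
    for (int i = 0; i < n; i++)
        pos = bounded_append(out, size, pos, items[i]);
    return pos;                            /* equals strlen(out), always < size */
}
```

With the sample input the buggy loop reaches offset 20 in a 16-byte buffer, while the bounded variant stops at 15 characters with the output truncated to "alpha,bravo,cha".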


* Multiple privilege escalations in ioctl handling of Realtek WiFi drivers.

Incorrect validation of user-provided lengths in several staging Realtek
WiFi drivers could lead to an out-of-bounds memory write. A local user
with the ability to send ioctls to those drivers could use this flaw to
cause a denial-of-service or potentially escalate privileges.


* Denial-of-service in control plane of VT subsystem.

A NULL pointer dereference in the VT subsystem could result in a kernel
crash when issuing an ioctl. A local user could use this flaw to crash
the system.


* Denial-of-service in KVM when handling an error.

Error handling code in KVM (Kernel-based Virtual Machine) uses a
variable that has not been initialized, leading to unpredictable or
unintended results, including a kernel crash.


* Denial-of-service in fallocate of OCFS2 file system.

A NULL pointer dereference in OCFS2 could result in a kernel crash when
issuing the fallocate system call on an OCFS2 file system.  A local,
non-privileged user could use this flaw to crash the system.


* Denial-of-service in InfiniBand driver.

A flaw in the InfiniBand driver implementation could result in a kernel
lockup. A local, privileged user could use this flaw to cause the kernel
lockup by repeatedly toggling network interfaces.


* Invalid memory access in network match-all classifier.

A missing check on an attribute from a netlink message in the network
match-all classifier could lead to an invalid memory access. A local
attacker could use this flaw to cause a denial-of-service.


* Invalid memory access in network Flower classifier.

A missing check on an attribute from a netlink message in the network
Flower classifier could lead to an invalid memory access. A local
attacker could use this flaw to cause a denial-of-service.


* Invalid memory access in network FIB rules.

A missing check on an attribute from a netlink message in network FIB
rules could lead to an invalid memory access. A local attacker could use
this flaw to cause a denial-of-service.


* Invalid memory access in IEEE Std 802.15.4 Low-Rate Wireless Personal Area Networks driver.

A missing check on an attribute from a netlink message in the IEEE Std
802.15.4 Low-Rate Wireless Personal Area Networks driver could lead to
an invalid memory access. A local attacker could use this flaw to cause
a denial-of-service.


* Invalid memory access in Virtual Local CAN Interface driver.

A missing check on an attribute from a netlink message in the Virtual
Local CAN Interface driver could lead to an invalid memory access. A
local attacker could use this flaw to cause a denial-of-service.


* Invalid memory access in IEEE 802.1AE MAC-level encryption driver.

A missing check on an attribute from a netlink message in the IEEE
802.1AE MAC-level encryption driver could lead to an invalid memory
access. A local attacker could use this flaw to cause a
denial-of-service.


* Invalid memory access in Fair Queue network scheduler.

A missing check on an attribute from a netlink message in the Fair Queue
network scheduler could lead to an invalid memory access. A local
attacker could use this flaw to cause a denial-of-service.


* Invalid memory access in Ethernet team driver.

A missing check on an attribute from a netlink message in the Ethernet
team driver could lead to an invalid memory access. A local attacker
could use this flaw to cause a denial-of-service.


* Invalid memory access in NFC driver.

A missing check on an attribute from a netlink message in the NFC driver
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.


* Invalid memory access in cfg80211 driver.

A missing check on an attribute from a netlink message in the cfg80211
driver could lead to an invalid memory access. A local attacker could
use this flaw to cause a denial-of-service.


* Invalid memory access in network Connection tracking helpers.

A missing check on an attribute from a netlink message in the network
connection tracking helpers could lead to an invalid memory access. A
local attacker could use this flaw to cause a denial-of-service.


* Invalid memory access in Netfilter nf_tables driver.

A missing check on an attribute from a netlink message in the Netfilter
nf_tables driver could lead to an invalid memory access. A local
attacker could use this flaw to cause a denial-of-service.


* Use-after-free when getting node list/status in High-availability Seamless Redundancy driver.

A locking error when getting node list/status in High-availability
Seamless Redundancy driver could lead to a use-after-free. A local
attacker could use this flaw to cause a denial-of-service.


* Denial-of-service when creating queue pairs in Mellanox Connect-IB HCA driver.

A missing check on user capabilities when creating queue pairs in the
Mellanox Connect-IB HCA driver could allow a malicious user to prevent
further data from being received through the Mellanox Connect-IB HCA.


* Out-of-bounds access when using Transformation user configuration interface.

A missing check on user input when using the Transformation user
configuration interface could lead to an out-of-bounds access. A local
attacker could use this flaw to cause a denial-of-service.


* NULL pointer dereference when using TCP_QUEUE_SEQ socket option.

A logic error when using the TCP_QUEUE_SEQ socket option could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2019-16234: NULL pointer dereference when registering Intel Wireless WiFi driver.

A logic error in the error path taken when workqueue allocation fails
while registering the Intel Wireless WiFi driver could lead to a NULL
pointer dereference. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2019-19768: Use-after-free when adding a new trace using the tracing block driver.

A locking error when adding a new trace using the tracing block driver
could lead to a use-after-free. A local attacker could use this flaw to
cause a denial-of-service or escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
