[Ksplice][Ubuntu-Oracle-Updates] New Ksplice updates for Ubuntu OCI kernel (USN-4227-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Feb 12 01:48:54 PST 2020


Synopsis: USN-4227-1 can now be patched using Ksplice
CVEs: CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-14901 CVE-2019-16233 CVE-2019-19045 CVE-2019-19049 CVE-2019-19052 CVE-2019-19083 CVE-2019-19524 CVE-2019-19529 CVE-2019-19534 CVE-2019-19807

Systems running Ubuntu OCI kernel can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-4227-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu OCI
kernel install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
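
The check below is an added example, not part of the original advisory or
of Ksplice itself: it reads an uptrack.conf-style file and reports whether
the host relies on "autoinstall = yes" or needs the manual command above.
It assumes INI-style "key = value" lines with "#" or ";" comments; the
function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the Uptrack autoinstall setting on a host.
# Assumption: the config uses INI-style "key = value" lines, with
# comment lines starting with '#' or ';'.

# Print the effective autoinstall value: "yes", "no", ... or "unset".
autoinstall_setting() {
    conf=$1
    [ -r "$conf" ] || { echo "unset"; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }            # commented-out lines do not count
        {
            eq = index($0, "=")
            if (eq == 0) next             # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { if (found == "") print "unset"; else print found }
    ' "$conf"
}

# Print what the administrator has to do for this host.
upgrade_action() {
    case "$(autoinstall_setting "$1")" in
        yes) echo "none: updates install automatically" ;;
        *)   echo "run: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Constructed sample: the only "yes" is commented out, so the host
# still needs a manual upgrade.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
upgrade_action "$sample"
rm -f "$sample"
```

On a real system, pass /etc/uptrack/uptrack.conf to upgrade_action.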


DESCRIPTION

* CVE-2019-19807: Use-after-free when registering timer in ALSA driver.

A logic error when registering timer in ALSA driver fails could lead to
a use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* CVE-2019-19052: Memory leak when opening USB Socket CAN device driver.

A missing free of resources when opening USB Socket CAN device driver
fails could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.


* CVE-2019-19529: Use-after-free when disconnecting Microchip CAN BUS Analyzer device.

A logic error when disconnecting Microchip CAN BUS Analyzer device could
lead to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service.


* CVE-2019-19534: Information leak using PEAK PCAN-USB/USB Pro interfaces for CAN 2.0b/CAN-FD.

A missing zeroing of heap buffer passed to user space in PEAK
PCAN-USB/USB Pro interfaces for CAN 2.0b/CAN-FD driver could lead to an
information leak. A local attacker could use this flaw to leak
information about running kernel and facilitate an attack.


* CVE-2019-19045: Memory leak when creating CQ in Mellanox Technologies Innova driver.

A missing free of resources when creating CQ in Mellanox Technologies
Innova driver fails could lead to a memory leak. A local attacker could
use this flaw to exhaust kernel memory and cause a denial-of-service.


* CVE-2019-19524: Use-after-free when unregistering memoryless force-feedback driver.

A missing free of a timer when unregistering memoryless force-feedback
driver could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service.


* CVE-2019-19083: Memory leak when registering clock for AMD display driver.

A missing free of resources when registering clock for AMD display
driver could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a denial-of-service.


* CVE-2019-14895: Denial-of-service when receiving Country WLAN element in Marvell WiFi-Ex driver.

A logic error when receiving Country WLAN element in Marvell WiFi-Ex
driver could lead to an invalid memory access. A local attacker could
use this flaw to cause a denial-of-service.


* CVE-2019-14896, CVE-2019-14897: Denial-of-service when parsing BSS in Marvell 8xxx Libertas WLAN driver.

A missing check when parsing BSS in Marvell 8xxx Libertas WLAN driver
could lead to buffer overflows. A local attacker could use this flaw to
cause a denial-of-service.


* CVE-2019-14901: Denial-of-service when parsing TDLS action frame in Marvell WiFi-Ex driver.

Missing checks when parsing TDLS action frame in Marvell WiFi-Ex driver
could lead to a buffer overflow. A local attacker could use this flaw to
cause a denial-of-service.


* Denial-of-service when reading from CIFS (SMB2) filesystem.

Incorrect locking in the CIFS filesystem read / write operation could
cause a deadlock in case of network outage. This could lead to a
denial-of-service.


* Denial-of-service when allocating page fragment for socket buffer.

An out-of-bounds write due to incorrect page fragment allocation in the
socket subsystem leads to kernel memory corruption. An attacker could
exploit this to cause a denial-of-service and possibly escalate
privileges.


* Privileged information leak in the socket subsystem.

Some kernel subsystems and userspace programs use "jiffies" (the number
of ticks that have occurred since system start-up) to seed pseudorandom
number generators. This information is thus considered privileged. A bug
in the socket subsystem leaks jiffies on the wire, which could allow a
remote attacker to weaken some data-concealment measures.


* CVE-2019-16233: NULL pointer dereference when registering QLogic Fibre Channel driver.

A missing check when registering QLogic Fibre Channel driver fails could
lead to a NULL pointer dereference. A local attacker could use this flaw
to cause a denial-of-service.


* Use of uninitialized memory when getting MTU of a NCM USB device.

A missing check when getting MTU of a NCM USB device could lead to a use
of uninitialized memory. A local attacker could use this flaw to cause a
denial-of-service.


* Invalid memory access when reading properties of NFC FDP I2C device.

A logic error when reading properties of Intel Fields Peak NFC over I2C
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.


* Double free in STMicroelectronics ST21NFCA NFC driver.

A logic error in STMicroelectronics ST21NFCA NFC driver could lead to a
double free. A local attacker could use this flaw to cause a
denial-of-service.


* Use-after-free when clearing capabilities of a freed inode in Ceph distributed file system.

A logic error when clearing capabilities of a freed inode in Ceph
distributed file system could lead to a use-after-free. A local attacker
could use this flaw to cause a denial-of-service.


* Use-after-free when disconnecting USB2CAN "8 devices".

A logic error when disconnecting USB2CAN "8 devices" could lead to a
use-after-free. A local attacker could use this flaw to cause a
denial-of-service.


* Double free when cleaning usb gadgets composite.

A logic error when cleaning usb gadgets composite could lead to a double
free. A local attacker could use this flaw to cause a denial-of-service.


* Memory leaks when setting ring parameters in Intel(R) PRO/1000 Gigabit Ethernet driver.

A logic error in error path when setting ring parameters in Intel(R)
PRO/1000 Gigabit Ethernet driver fails could lead to a memory leak.
A local attacker could use this flaw to exhaust kernel memory and cause
a denial-of-service.


* Missing MDS and Spectre v2 mitigations on EIBRS supported CPUs.

On systems that support Enhanced IBRS (EIBRS), the mitigations could be
incorrectly set when toggling the symmetric multithreading (SMT) feature
at runtime.


* Information leak when binding ASIX AX88xxx Based USB 2.0 Ethernet driver.

A missing check when binding ASIX AX88xxx Based USB 2.0 Ethernet driver
could lead to an information leak. A local attacker could use this flaw
to leak information about running kernel and facilitate an attack.


* Memory leaks when opening Serial / USB serial CAN Adaptors device.

A logic error in error path when opening Serial / USB serial CAN
Adaptors device fails could lead to memory leaks. A local attacker
could use this flaw to exhaust kernel memory and cause a
denial-of-service.


* Invalid memory accesses when looking up dentries in ecryptfs driver.

Logic errors when looking up dentries in ecryptfs driver could lead to
invalid memory accesses. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when setting power registers in Freescale SGTL5000 codec driver.

A logic error when setting power registers in Freescale SGTL5000 codec
driver could lead to a divide by zero error. A local attacker could use
this flaw to cause a denial-of-service.


* Information leak using Motion Eye video4linux driver.

A missing check on user input when using Motion Eye video4linux driver
could let an attacker read all kernel memory. A local attacker could use
this flaw to leak information about running kernel and facilitate an
attack.


* Denial-of-service when routing IP multicast packet.

An incorrect header length initialization when monitoring IP multicast
packets could trigger a kernel fail-safe assertion. A local attacker
with the ability to configure IP route monitoring could exploit this
to cause a denial-of-service.


* Invalid memory access when configuring Intel(R) 10GbE PCI Express adapters driver.

A logic error when configuring Intel(R) 10GbE PCI Express adapters
driver could lead to an invalid memory access. A local attacker could
use this flaw to cause a denial-of-service.


* Denial-of-service by accessing /proc/pagetypeinfo.

Incorrect permission of /proc/pagetypeinfo could let an attacker read
this file in a loop and cause a denial-of-service.


* Oracle will not provide a zero-downtime update for CVE-2019-19049.

Oracle has determined that the vulnerability does not affect a
running system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




