[Ksplice][Ubuntu-Oracle-Updates] New Ksplice updates for Ubuntu OCI kernel (4.15.0-1046.50)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Jul 15 11:28:51 PDT 2020


Synopsis: 4.15.0-1046.50 can now be patched using Ksplice
CVEs: CVE-2020-0543 CVE-2020-10711 CVE-2020-12770 CVE-2020-13143

Systems running Ubuntu OCI kernel can now use Ksplice to patch against
the latest Ubuntu kernel update, 4.15.0-1046.50.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu OCI
kernel install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
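
As an added example (not part of this advisory or of the Ksplice tooling), the shell functions below report whether a host's uptrack.conf sets autoinstall = yes, which tells you whether the manual uptrack-upgrade run above is still needed. The function names and the UPTRACK_CONF override variable are hypothetical, and treating lines starting with # or ; as comments is an assumption about the file's INI-style syntax.

```bash
#!/usr/bin/env bash
# Added example: decide whether a host relies on manual uptrack-upgrade runs.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Comment lines (# or ;, an assumed INI convention) are skipped, whitespace
# and case are normalised, and the last assignment wins.
# Prints "unset" if the key is absent and "unreadable" if the file is.
autoinstall_value() {
    local conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[[:space:]]*[#;]/ { next }          # whole-line comment
        {
            key = $1; gsub(/[[:space:]]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2
                sub(/[#;].*/, "", val)         # drop trailing comment
                gsub(/[[:space:]]/, "", val)
                found = tolower(val)
            }
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Exit status 0 when updates will NOT install on their own, i.e. the
# setting is anything other than an explicit "yes".
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# UPTRACK_CONF is a hypothetical override so the check can be pointed at a copy.
conf=${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}
if needs_manual_upgrade "$conf"; then
    echo "autoinstall is '$(autoinstall_value "$conf")' in $conf:" \
         "run /usr/sbin/uptrack-upgrade -y as root"
else
    echo "autoinstall = yes in $conf: updates install automatically"
fi
```

A commented-out "# autoinstall = yes" line counts as unset, so a host with only that line is reported as needing the manual command.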


DESCRIPTION

* CVE-2020-12770: Information leak/DoS in SCSI generic userspace write.

When copying data from userspace to a SCSI generic (sg) device, the
associated list entry is not properly removed, potentially causing a
denial-of-service or leaking sensitive kernel information.


* CVE-2020-10711: NULL pointer dereference when using CIPSO network packet labeling.

A logic error when receiving CIPSO network packets could lead to a NULL
pointer dereference. A remote attacker could use this flaw to cause a
denial-of-service.


* CVE-2020-13143: Out-of-bounds read when connecting to UDC.

When connecting via USB in gadget mode, the USB gadgetfs copies input
fields with strcpy, which can result in the copied buffers being smaller
than the originals. Accessing these new buffers can then result in an
out-of-bounds memory access, potentially leaking information or causing
a denial-of-service.


* Denial-of-service in Stochastic Fairness Queueing (SFQ).

A logic error in Stochastic Fairness Queueing (SFQ) could lead to an
infinite loop. A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when using Generic Segmentation Offload.

A logic error when using Generic Segmentation Offload could lead to an
out-of-bounds access.  A local attacker could use this flaw to cause a
denial-of-service.


* Denial-of-service when writing 'throughput_override' sysfs entry of B.A.T.M.A.N. Advanced Meshing Protocol.

A reference count leak when writing 'throughput_override' sysfs entry of
B.A.T.M.A.N. Advanced Meshing Protocol could lead to a memory leak. A
local attacker could use this flaw to cause a denial-of-service.


* Out-of-bounds access when getting ethtool strings in Micrel PHYs driver.

A logic error when getting ethtool strings in Micrel PHYs driver could
lead to an out-of-bounds access. A local attacker could use this flaw to
cause a denial-of-service.


* Information leak when using RAW Midi driver.

A missing initialization of a heap buffer when using the RAW MIDI driver
could lead to an information leak. A local attacker could use this flaw
to leak information about the running kernel and facilitate an attack.


* Out-of-bounds read when using Garmin GPS driver.

A missing check when receiving data over a Garmin GPS USB device could
lead to an out-of-bounds read. A local attacker could use this flaw to
cause a denial-of-service.


* Permission bypass when ptracing the interpreter of a script.

A logic error when checking if a process can be ptraced could let an
unprivileged user ptrace the interpreter of a script. A local attacker
could use this flaw to escalate privileges.


* Reference leak on reconnect in CIFS driver.

A reference count error during reconnect when requeuing a write in the
CIFS driver could lead to a reference leak. A local attacker could use
this flaw to exhaust kernel memory and cause a denial-of-service.


* Invalid memory access when using Extended Verification Module.

A logic error in error path when using Extended Verification Module
could lead to an invalid memory access. A local attacker could use this
flaw to cause a denial-of-service.


* Use-after-free when resizing buffer in RAWMidi driver.

A logic error when resizing buffer in RAWMidi driver while read and
write are on-going could lead to a use-after-free. A local unprivileged
user could use this flaw to cause a denial-of-service.


* Improved fix for CVE-2020-0543: Side-channel information leak using SRBDS.

The mitigation for CVE-2020-0543 might erroneously attempt to access
the control MSR even if supported CPU microcode was not available,
potentially reporting the system's vulnerability state incorrectly.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




