[Ksplice][Ubuntu-Oracle-Updates] New Ksplice updates for Ubuntu OCI kernel (USN-4363-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Jun 30 23:51:56 PDT 2020


Synopsis: USN-4363-1 can now be patched using Ksplice
CVEs: CVE-2020-11494 CVE-2020-12657 CVE-2020-12826

Systems running the Ubuntu OCI kernel can now use Ksplice to patch
against the latest Ubuntu Security Notice, USN-4363-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running the Ubuntu OCI
kernel install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
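
To check which of the two cases above applies to a host, the following
added example (not Oracle's code) reads the autoinstall setting from
uptrack.conf. It assumes INI-style "key = value" lines with "#" or ";"
comments, that only "yes" enables autoinstall, and that a missing key
means "no"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the advisory: report whether a host relies on
# autoinstall or needs a manual uptrack-upgrade run.

# Print the effective "autoinstall" value ("no" if unset or unreadable).
# Assumptions: INI-like file, "#"/";" start comments, last assignment wins.
uptrack_autoinstall_value() {
    [ -r "$1" ] || { echo "no"; return 0; }
    awk '
        { sub(/[#;].*/, "") }                  # strip comments first
        /^[ \t]*autoinstall[ \t]*=/ {
            split($0, kv, "=")
            v = tolower(kv[2])
            gsub(/[ \t\r]/, "", v)             # trim spaces and CR
            val = v
        }
        END { print (val == "" ? "no" : val) }
    ' "$1"
}

# Return 0 when a manual upgrade is needed, 1 when autoinstall covers it.
needs_manual_upgrade() {
    case $(uptrack_autoinstall_value "$1") in
        yes) return 1 ;;
        *)   return 0 ;;
    esac
}

# Constructed sample: a plain "grep autoinstall" would match the
# commented-out line and wrongly report the host as covered.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$sample"

for conf in "$sample" /etc/uptrack/uptrack.conf; do
    if needs_manual_upgrade "$conf"; then
        echo "$conf: autoinstall not enabled, run /usr/sbin/uptrack-upgrade -y"
    else
        echo "$conf: autoinstall = yes, updates install automatically"
    fi
done
rm -f "$sample"
```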


DESCRIPTION

* Denial-of-service when performing fallocate in ocfs2 filesystem.

Incorrect handling of the fallocate syscall in the ocfs2 filesystem
could trigger a kernel BUG. An attacker could exploit this to cause a
denial-of-service.


* Denial-of-service when processing a write request in NFS.

A bug in the NFS filesystem leads to a memory leak when processing write
requests. An attacker may exploit this to exhaust kernel memory and
cause a denial-of-service.


* CVE-2020-12657: Use-after-free in BFQ I/O scheduler subsystem.

A race condition in the BFQ I/O scheduler subsystem when clearing a
queue leads to a use-after-free bug. An attacker may exploit this bug to
cause a denial-of-service.


* CVE-2020-11494: Information leak in serial line CAN device communication.

When communicating with a CAN device over serial, a buffer structure is
transmitted without proper sanitization, potentially exposing stack
memory over the network.


* Data corruption in the HFS+ filesystem when deleting files.

A bug in extended attribute handling in the HFS+ filesystem causes
on-disk data corruption when deleting files. This could lead to
inadvertent data loss.


* Denial-of-service during address resolution in the rdma driver.

Inadequate error handling in the rdma subsystem leads to a NULL pointer
dereference during address resolution. An attacker may exploit this bug
to cause a denial-of-service.


* Data corruption in the gfs2 filesystem.

A data race in the gfs2 filesystem due to inadequate exclusion could
lead to permanent data corruption after a transient error. This could
lead to inadvertent data loss.


* Denial-of-service when processing delayed work in btrfs.

Incorrect locking in the btrfs filesystem when running delayed items
could lead to a deadlock. An attacker could exploit this bug to cause
a denial-of-service.


* Denial-of-service in the block I/O subsystem.

A use-after-free bug in the block I/O subsystem while clearing the
request queue could cause a kernel panic. An attacker could exploit this
bug to cause a denial-of-service.


* Denial-of-service when performing fsync in btrfs filesystem.

Failing to release a lock after an fsync leads to a deadlock in the
btrfs filesystem. An attacker could exploit this bug to cause a
denial-of-service.


* Use-after-free when tearing down SCTP queue.

A reference counting bug in the SCTP protocol leads to a use-after-free
while tearing down the outgoing queue. An attacker could exploit this
bug to cause a denial-of-service.


* CVE-2020-12826: Privilege escalation in process signal handling.

A logic error in the way signals are passed from child to parent could
lead to a child sending any signal to a parent. A local attacker could
use this flaw to escalate privileges.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




