[Ksplice][Ubuntu-Oracle-Updates] New Ksplice updates for Ubuntu OCI kernel (USN-4526-1)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Oct 14 00:50:57 PDT 2020


Synopsis: USN-4526-1 can now be patched using Ksplice
CVEs: CVE-2019-18808 CVE-2019-19054 CVE-2019-19061 CVE-2019-19067 CVE-2019-19073 CVE-2019-19074 CVE-2019-9445 CVE-2020-14331 CVE-2020-16166

Systems running Ubuntu OCI kernel can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-4526-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu OCI
kernel install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
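
An added example, not part of Oracle's advisory or tooling: a shell check that reads an uptrack.conf-style file and reports whether a host still needs the manual uptrack-upgrade step described above. The function names, the constructed sample files and the parsing rules (comment handling, only the literal value "yes" enabling autoinstall, last assignment wins) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the "autoinstall" setting the advisory refers to.

# Print "enabled", "disabled", "unset" or "unreadable" for a config file.
# Assumptions: a line starting with '#' or ';' is a comment, only the literal
# value "yes" enables autoinstall, and the last uncommented assignment wins.
autoinstall_state() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    value=$(sed -n \
        -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*$/\1/p' \
        "$conf" | tail -n 1)
    case $value in
        "")  echo "unset" ;;
        yes) echo "enabled" ;;
        *)   echo "disabled" ;;
    esac
}

# Map the state to the action the advisory describes for that case.
recommended_action() {
    case $(autoinstall_state "$1") in
        enabled) echo "none: updates install automatically" ;;
        *)       echo "run: /usr/sbin/uptrack-upgrade -y" ;;
    esac
}

# Write a constructed sample config (not copied from a real system).
make_sample() {  # $1 = path, $2 = line carrying the autoinstall setting
    printf '%s\n' '# constructed sample' '[Settings]' "$2" > "$1"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample "$tmp/auto.conf"      'autoinstall = yes'
make_sample "$tmp/manual.conf"    'autoinstall = no'
make_sample "$tmp/commented.conf" '# autoinstall = yes'

# On a real host, pass /etc/uptrack/uptrack.conf instead of the samples.
for f in "$tmp"/*.conf; do
    printf '%s: %s\n' "${f##*/}" "$(recommended_action "$f")"
done
```

A commented-out or missing setting is reported as needing the manual command, so a host is never assumed to be patched when the key is absent.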


DESCRIPTION

* CVE-2020-14331: Out-of-bounds writes in ioctls of Console display driver.

Out-of-bounds writes in ioctls of Console display driver could happen
when calling the VT_RESIZE ioctl in order to resize the console. This
flaw could allow a local user with access to the VGA console to crash
the system or potentially escalate their privileges on the system.


* Out-of-bounds access when using Amateur Radio AX.25 Level 2 protocol socket.

Logic errors when connecting or sending messages over Amateur Radio
AX.25 Level 2 protocol socket could lead to out-of-bounds accesses. A
local attacker could use this flaw to cause a denial-of-service.


* Denial-of-service in 802.11 mesh network join of Generic IEEE 802.11 Networking Stack.

A flaw in the 802.11 mesh network join implementation of Generic IEEE
802.11 Networking Stack could cause a memory leak. A local user
could exploit this flaw by repeatedly joining and leaving an 802.11
mesh network and cause a denial-of-service.


* Denial-of-service in Internet Protocol when converting IPv6 to IPv4 socket.

A flaw in the Internet Protocol implementation can cause a memory leak when
performing a certain sequence of socket operations in userspace.
A local user could use this flaw to cause a denial-of-service.


* CVE-2019-19067: Memory leaks when registering AMD Audio CoProcessor driver.

Multiple logic errors when registering AMD Audio CoProcessor driver
could lead to memory leaks. A local attacker could use this flaw to exhaust
kernel memory and cause a denial-of-service.


* CVE-2019-9445: Out-of-bounds access in directory reads of F2FS filesystem.

An out-of-bounds access could happen in directory reads of F2FS
filesystem when passing an invalid directory name length value.
A local user could use this flaw to cause a denial-of-service.


* CVE-2019-19061: Memory leak in Analog Devices ADIS* driver.

A missing free of resources on allocation failure in Analog Devices
ADIS* driver when scanning devices in burst mode could lead to a memory
leak. A local attacker could use this flaw to exhaust kernel memory and
cause a denial-of-service.


* Use-after-free in writes of Simplified Mandatory Access Control.

A missing synchronization mechanism in writes of Simplified Mandatory
Access Control Kernel Support driver could lead to a use-after-free
when multiple userspace tasks access the driver simultaneously.
A local attacker could use this flaw to cause a denial-of-service or
the execution of arbitrary code.


* CVE-2019-19054: Denial-of-service in the cx2388x tv card driver.

Failure to handle an error during initial setup in the cx2388x tv card
driver causes a memory leak. An attacker could exploit this to cause a
denial-of-service.


* CVE-2019-19073, CVE-2019-19074: Denial-of-service in the ath9k wireless driver.

A memory leak during driver initialization in the Atheros HTC-based
wireless subsystem could cause kernel memory exhaustion. An attacker
could exploit this flaw to cause a denial-of-service.


* Information leak in receives of Reliable Datagram Sockets protocol.

A flaw in receives of the Reliable Datagram Sockets protocol implementation
could cause kernel memory to leak to userspace. A local attacker could
use this flaw to leak information from kernel memory.


* Information leak in ioctls of AMDGPU Graphics driver.

A flaw in the ioctl implementation of AMDGPU Graphics driver could cause
a leak of kernel memory to userspace. A local attacker could use this
flaw to leak information.


* Use-after-free in ioctls of Direct Rendering Manager.

A flaw in the ioctl implementation of Direct Rendering Manager could lead
to a use-after-free. A local attacker could use this flaw to cause
a denial-of-service or potentially escalate privileges.


* CVE-2020-16166: Confidentiality vulnerability in the generation of the device ID.

A flaw in the generation of the device ID from the network RNG could
result in a potential issue allowing remote attackers to make
observations that help to obtain sensitive information about
the internal state of the network RNG and compromise the data
confidentiality.


* CVE-2019-18808: Memory leak in CCP device driver with invalid hash type.

The device driver for AMD cryptographic coprocessor devices contains a
flaw where specifying an invalid hash algorithm causes the driver to
leak memory. An attacker might exploit this to cause a
denial-of-service.


* Information leak in Open vSwitch when transmitting flow key.

The Open vSwitch flow key structure can contain uninitialized kernel
stack memory when it is copied into a socket, potentially leaking
sensitive information to a malicious user.


* Integer overflow of KVM zero page reference count causes DoS.

The KVM virtual machine infrastructure erroneously takes references on
the shared zero page when creating virtual machines, and this reference
count is not sanitized from integer overflow. A malicious user with the
ability to create virtual machines on the system might exploit this to
cause a denial-of-VM-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




