[Ksplice][Ubuntu-Oracle-Updates] New Ksplice updates for Ubuntu OCI kernel (USN-5466-1)

Thu Jun 16 15:24:11 UTC 2022

Synopsis: USN-5466-1 can now be patched using Ksplice
CVEs: CVE-2021-3772 CVE-2021-4149 CVE-2022-1016 CVE-2022-1419 CVE-2022-1966 CVE-2022-21499 CVE-2022-28356 CVE-2022-28390 CVE-2022-32250

Systems running Ubuntu OCI kernel can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-5466-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu OCI
kernel install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2022-1016: Information leak in the netfilter subsystem.

A flaw in the netfilter subsystem result in a use-after-free. This may
allow a local unprivileged user to cause an information leak,
resulting in loss of system confidentiality.

* CVE-2021-4149: Denial-of-service in BTRFS file system.

An improper locking flaw in BTRFS file system during error handling
could lead to a deadlock condition. A local user could use this flaw
to cause a denial-of-service.

* CVE-2022-1419: Information disclosure in Virtual Graphics Memory Manager.

A race condition flaw in Virtual Graphics Memory Manager when creating
a DRM GEM instance could result in use-after-free. A local user could
use this flaw for information disclosure.

* CVE-2022-28390: Code execution in EMS CPC-USB/ARM7 CAN/USB interface.

A double-free flaw in data transmission path of EMS CPC-USB/ARM7 CAN/USB
interface could result in memory leaks and data corruption. A local user
could use this flaw for a denial-of-service or code execution.

* CVE-2022-28356: Denial-of-service in 802.2 LLC type 2 driver.

A reference counting flaw in socket binding of the 802.2 LLC type 2
driver could happen in some error conditions. A local user could use
this flaw to cause a denial-of-service.

* CVE-2021-3772: Denial-of-service in SCTP Protocol.

Improper verification of connection tags in SCTP Protocol could allow
a remote attacker to kill existing SCTP associations by sending packets
with spoofed IP addresses. A remote attacker could use this flaw to
cause a denial-of-service.

* CVE-2022-21499: Privilege escalation in the kernel debug subsystem.

Insufficient protection checks in the kernel debug subsystem when using KGDB
and KDB allow reads and writes to kernel memory during kernel lockdown. A
remote attacker with access to a serial port (for example, via a hypervisor
console) could use the debugger to escalate privileges.

* CVE-2022-1966, CVE-2022-32250: Code execution in Netfilter due to use-after-free.

A flaw in nftables API of the Netfilter subsystem when removing stateful
expressions could result in a use-after-free. A local user could use
this flaw to cause a denial-of-service or execute arbitrary code.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.