From quentin.casasnovas at oracle.com Tue May 17 10:30:06 2022 From: quentin.casasnovas at oracle.com (Oracle Ksplice) Date: Tue, 17 May 2022 10:30:06 +0000 Subject: [Ksplice][Ubuntu-Oracle-Updates] New Ksplice updates for Ubuntu OCI kernel (USN-5418-1) Message-ID: <3g22v2pn82-1@iadpaimrmta02.imrmtpd1.prodappiadaev1.oraclevcn.com> Synopsis: USN-5418-1 can now be patched using Ksplice CVEs: CVE-2022-24958 CVE-2022-25258 CVE-2022-25375 CVE-2022-26490 CVE-2022-26966 Systems running Ubuntu OCI kernel can now use Ksplice to patch against the latest Ubuntu Security Notice, USN-5418-1. INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running Ubuntu OCI kernel install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2022-25375: Information leak in RNDIS message for USB Gadget driver. The USB Gadget subsystem fails to validate the size of a received RNDIS_MSG_SET command, potentially allowing for a buffer overrun. A malicious user might exploit this to leak sensitive information from the kernel. * CVE-2022-25258: Missing validation of descriptors in USB gadget subsystem. The USB Gadget subsystem fails to correctly validate os descriptors passed to it. Malicious data passed to the system might exploit this to cause a NULL-pointer dereference and denial-of-service. * CVE-2022-26966: Information leak by the USB2NET SR9700 device driver. The driver for SR9700 based USB ethernet devices does not correctly sanitize packets allowing badly formatted packets to potentially leak information to user space. * CVE-2022-24958: Use-after-free in USB Gadget file system. A bad error handling in configuration writing of the USB Gadget file system could lead to a use-after-free. A local attacker could use this flaw to cause a denial-of-service or execute arbitrary code. * CVE-2022-26490: Buffer overflow in STMicroelectronics ST21NFCA NFC driver. A missing error check in connectivity event handling of the ST21NFCA NFC driver could result in a buffer overflow. A local user could use this flaw to cause a denial-of-service or execute arbitrary code. * Out-of-bounds accesses in ASIX AX88179/178A USB 3.0/2.0 to Gigabit Ethernet. Missing sanity checks in receive data path of ASIX AX88179/178A USB 3.0/2.0 to Gigabit Ethernet could result in out-of-bounds accesses. A local, privileged user could use this flaw to cause a denial of service or information disclosure. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com. From quentin.casasnovas at oracle.com Tue May 31 09:43:48 2022 From: quentin.casasnovas at oracle.com (Oracle Ksplice) Date: Tue, 31 May 2022 09:43:48 +0000 Subject: [Ksplice][Ubuntu-Oracle-Updates] New Ksplice updates for Ubuntu OCI kernel (USN-5443-1) Message-ID: <3gc8huy82h-1@phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com> Synopsis: USN-5443-1 can now be patched using Ksplice CVEs: CVE-2022-29581 CVE-2022-30594 Systems running Ubuntu OCI kernel can now use Ksplice to patch against the latest Ubuntu Security Notice, USN-5443-1. INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running Ubuntu OCI kernel install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2022-30594: Privilege escalation in Process Trace. Lack of validation of the ptrace flags when seizing a process through ptrace could be used to disable a seccomp jail. A local, unprivileged user could use this flaw to evade a seccomp jail and elevate its privileges. * CVE-2022-29581: Privilege escalation in Traffic Control subsystem. Improper reference counting flaw in the universal 32-bit pieces based comparison scheme for packet classification of Traffic Control subsystem could lead to a use-after-free. A local user could use this flaw for privilege escalation. SUPPORT Ksplice support is available at ksplice-support_ww at oracle.com.