[Ksplice][Ubuntu-Oracle-Updates] New Ksplice updates for Ubuntu OCI kernel (USN-5418-1)

Oracle Ksplice quentin.casasnovas at oracle.com
Tue May 17 10:30:06 UTC 2022 

Synopsis: USN-5418-1 can now be patched using Ksplice
CVEs: CVE-2022-24958 CVE-2022-25258 CVE-2022-25375 CVE-2022-26490 CVE-2022-26966

Systems running Ubuntu OCI kernel can now use Ksplice to patch against
the latest Ubuntu Security Notice, USN-5418-1.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Ubuntu OCI
kernel install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2022-25375: Information leak in RNDIS message for USB Gadget driver.

The USB Gadget subsystem fails to validate the size of a received
RNDIS_MSG_SET command, potentially allowing for a buffer overrun. A
malicious user might exploit this to leak sensitive information from the
kernel.


* CVE-2022-25258: Missing validation of descriptors in USB gadget subsystem.

The USB Gadget subsystem fails to correctly validate os descriptors
passed to it. Malicious data passed to the system might exploit this to
cause a NULL-pointer dereference and denial-of-service.


* CVE-2022-26966: Information leak by the USB2NET SR9700 device driver.

The driver for SR9700 based USB ethernet devices does not correctly sanitize
packets allowing badly formatted packets to potentially leak information to
user space.


* CVE-2022-24958: Use-after-free in USB Gadget file system.

A bad error handling in configuration writing of the USB Gadget file
system could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service or execute arbitrary code.


* CVE-2022-26490: Buffer overflow in STMicroelectronics ST21NFCA NFC driver.

A missing error check in connectivity event handling of the ST21NFCA
NFC driver could result in a buffer overflow. A local user could use
this flaw to cause a denial-of-service or execute arbitrary code.


* Out-of-bounds accesses in ASIX AX88179/178A USB 3.0/2.0 to Gigabit Ethernet.

Missing sanity checks in receive data path of ASIX AX88179/178A USB
3.0/2.0 to Gigabit Ethernet could result in out-of-bounds accesses.
A local, privileged user could use this flaw to cause a denial of
service or information disclosure.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the Ksplice-Ubuntu-Oracle-Updates mailing list