[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2022-9244)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Mar 28 15:18:23 UTC 2022


Synopsis: ELSA-2022-9244 can now be patched using Ksplice
CVEs: CVE-2020-27820 CVE-2021-28714 CVE-2021-28715 CVE-2021-39685 CVE-2021-4002 CVE-2022-0330 CVE-2022-0435

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2022-9244.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2022-9244.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2020-27820: Denial-of-service in Nouveau (nVidia) cards support.

A use-after-free in the postclose() handler of Nouveau (nVidia) cards
support could happen when removing the device or unbinding the driver.
A privileged local user could use this flaw for denial-of-service.


* Note: Oracle will not provide a zero-downtime update for CVE-2021-28714 (XSA-392) and CVE-2021-28715.

CVE-2021-28714 (XSA-392) and CVE-2021-28715 are both scored CVSSv3 6.5
and are present in the Xen backend driver. Both CVEs allow a guest to hog
large amounts of kernel memory to potentially cause a denial-of-service.

Hosts without the Xen backend driver loaded are not affected by this
issue.

Oracle has determined that patching CVE-2021-28714 (XSA-392) and
CVE-2021-28715 on a running system would not be safe and recommends
a reboot if the Xen backend driver is used.

Orabug: 33851834


* CVE-2021-4002: Information disclosure in the hugetlb due to memory leak.

A memory leak flaw in the hugetlbfs memory usage of the hugetlb
implementation could allow a local attacker to leak or alter data from
other processes that use huge pages and result in sensitive information
disclosure.


* Note: Oracle has determined that CVE-2021-39685 is not applicable.

A failure to restrict the size of control requests for certain gadget
types in the USB Peripheral Controller could lead to an out of bounds
memory access. A local user could use this flaw to cause a denial of
service or escalate their privileges.

The kernel is not affected by CVE-2021-39685 since the code under
consideration is not compiled.

Orabug: 33739525


* CVE-2022-0435: Denial-of-service in Transparent Inter-Process Communication protocol.

A buffer overflow flaw in the Transparent Inter-Process Communication
protocol could lead to a crash in systems that have a TIPC bearer
configured. A remote attacker could use this flaw to cause a denial of
service.

Orabug: 33850801


* CVE-2022-0330: Code execution in Intel i915 graphics driver.

The Intel i915 graphics driver did not perform a GPU TLB flush in some
situations. A local attacker could use this to cause a denial-of-service
or execute arbitrary code.

Orabug: 33835810


* Capture TDP level when updating CPUID.

Snapshot the TDP level now that it's invariant (SVM) or dependent only
on host capabilities and guest CPUID (VMX).  This avoids having to call
kvm_x86_ops.get_tdp_level() when initializing a TDP MMU and/or
calculating the page role, and thus avoids the associated retpoline.

Orabug: 33841857
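
The following triage script is an added example, not part of Oracle's announcement or tooling. It checks the three host conditions this advisory mentions: the autoinstall setting, a loaded Xen backend driver (reboot recommended), and TIPC. Assumptions: the module names xen_netback and tipc, the function names, and the constructed sample inputs.

```shell
#!/bin/sh
# Added example: triage a host against the notes in this advisory.
# Pass real paths (/etc/uptrack/uptrack.conf, /proc/modules) or samples.

# 0 if the config has an active "autoinstall = yes" line (comments ignored).
autoinstall_enabled() {
    grep -Eq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$1"
}

# 0 if module $1 is listed in the /proc/modules-format file $2.
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# Print one advice line per finding.
triage() {
    conf=$1; modules=$2
    if autoinstall_enabled "$conf"; then
        echo "ksplice: autoinstall enabled, updates install automatically"
    else
        echo "ksplice: run /usr/sbin/uptrack-upgrade -y"
    fi
    # Assumption: xen_netback is the Xen backend driver the advisory means;
    # the advisory itself does not name the module.
    if module_loaded xen_netback "$modules"; then
        echo "xen: backend loaded, plan a reboot (CVE-2021-28714, CVE-2021-28715)"
    fi
    # A loaded tipc module is a prerequisite for a configured bearer.
    if module_loaded tipc "$modules"; then
        echo "tipc: module loaded, check for configured bearers (CVE-2022-0435)"
    fi
}

# Constructed sample inputs (not taken from a real host).
demo_dir=$(mktemp -d)
cat > "$demo_dir/uptrack.conf" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
cat > "$demo_dir/modules" <<'EOF'
xen_netback 65536 0 - Live 0x0000000000000000
tipc 290816 0 - Live 0x0000000000000000
i915 2289664 3 - Live 0x0000000000000000
EOF
triage "$demo_dir/uptrack.conf" "$demo_dir/modules"
rm -rf "$demo_dir"
```

On a real host, call triage /etc/uptrack/uptrack.conf /proc/modules; if the tipc line appears, "tipc bearer list" (iproute2) shows whether a bearer is actually configured.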

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




