[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2022-9827)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Oct 27 22:25:31 UTC 2022


Synopsis: ELSA-2022-9827 can now be patched using Ksplice
CVEs: CVE-2022-1184 CVE-2022-1789 CVE-2022-1972 CVE-2022-1973
CVE-2022-2078 CVE-2022-21546 CVE-2022-2503 CVE-2022-2585 CVE-2022-2586
CVE-2022-2959 CVE-2022-3077 CVE-2022-32981 CVE-2022-34918

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2022-9827.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2022-9827.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
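The following shell helper is an added example, not part of the Oracle announcement or the Ksplice tooling. It decides, for one host, whether the advisory applies (kernel release names a UEKR7 5.15.0 kernel on OL8 or OL9) and whether Uptrack will install the updates by itself or the administrator must run uptrack-upgrade. It assumes the "key = value" layout of /etc/uptrack/uptrack.conf with '#' comments, that a later autoinstall line overrides an earlier one, and the "5.15.0-<build>.el8uek"/"el9uek" release naming; all three are assumptions, and the sample config is constructed.

```shell
#!/bin/sh
# Added example (not Oracle's code). Assumptions: uptrack.conf is
# "key = value" with '#' comments, last assignment wins, and UEKR7 5.15.0
# kernels carry ".el8uek." or ".el9uek." in their release string.

# Return 0 when the kernel release string names a UEKR7 5.15.0 kernel on OL8/OL9.
is_uekr7_kernel() {
    case "$1" in
        5.15.0-*.el8uek.*|5.15.0-*.el9uek.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "yes" or "no" for the effective autoinstall setting in a conf file.
# Tolerates surrounding whitespace and trailing comments; commented-out
# lines are ignored; an unreadable file or absent key counts as "no".
autoinstall_setting() {
    conf="$1"
    [ -r "$conf" ] || { echo no; return; }
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$conf" | tail -n 1)
    case "$(printf '%s' "$val" | tr 'A-Z' 'a-z')" in
        yes|true|1) echo yes ;;
        *) echo no ;;
    esac
}

# Decide what the operator must do on this host. Prints one of:
#   not-applicable  - kernel is not UEKR7 5.15.0 on OL8/OL9
#   automatic       - Uptrack will install ELSA-2022-9827 by itself
#   run-upgrade     - run "/usr/sbin/uptrack-upgrade -y" manually
required_action() {
    kernel="$1"; conf="$2"
    is_uekr7_kernel "$kernel" || { echo not-applicable; return; }
    if [ "$(autoinstall_setting "$conf")" = yes ]; then
        echo automatic
    else
        echo run-upgrade
    fi
}

# Stand-alone demo against a constructed sample config (not a real host's file).
demo_conf=$(mktemp)
printf '%s\n' '# Ksplice Uptrack configuration (constructed sample)' \
    '[Settings]' 'autoinstall = no' 'autoinstall = yes   # overrides the line above' > "$demo_conf"
required_action "$(uname -r)" "$demo_conf"
rm -f "$demo_conf"
```

On a real host, call required_action with "$(uname -r)" and /etc/uptrack/uptrack.conf.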


DESCRIPTION

* CVE-2022-2586: Use-after-free in Netfilter subsystem.

A logic flaw in the Netfilter subsystem when removing an NFT table could
result in a use-after-free. A local user could use this flaw to cause
a denial-of-service or code execution.

Orabug: 34495566


* CVE-2022-1184: Use-after-free when handling corrupted hash tree in ext4.

A logic error when handling a corrupted hash-tree directory in ext4
filesystems could lead to a use-after-free. A local attacker could use
this flaw and a malicious ext4 image to cause a denial-of-service.


* CVE-2022-34918: Privilege escalation in Netfilter subsystem.

A type mismatch flaw in the Netfilter subsystem when adding a new element
to an NFT table could result in a buffer overflow. A local user could use
this flaw to escalate privileges.

Orabug: 34362005


* CVE-2022-21546: Denial-of-service in SCSI write path.

Improper handling of certain types of writes to a SCSI device can
lead to a kernel crash. A local attacker could exploit this flaw to
cause a denial-of-service.

Orabug: 34419970


* CVE-2022-1789: Denial-of-service in Kernel-based Virtual Machine.

A flaw in the handling of guest TLB mapping invalidation requests in the
Kernel-based Virtual Machine could result in a NULL pointer dereference.
A local user could use this flaw for a denial-of-service.


* CVE-2022-2078, CVE-2022-1972: Unchecked netfilter field desc allows
out-of-bounds write.

Missing validation of netfilter field desc structures could allow for an
out-of-bounds write. A malicious user could exploit this to escalate
their privileges or execute arbitrary code.


* Warn on the lack of key exchange during NTLMSSP authentication.

Warn on the lack of key exchange during NTLMSSP authentication rather
than aborting it, as there are some servers that do not set it in the
CHALLENGE message.

Orabug: 34457236


* Note: Oracle has determined that CVE-2022-32981 is not applicable.

Oracle has determined that CVE-2022-32981 is not applicable to x86 or
aarch64. Applying the patch has no resulting changes in the generated
object files.


* CVE-2022-2503: Filesystem integrity check bypass in dm-verity.

A flaw in dm-verity allows users to switch out a dm-verity target for an
equivalent dm-linear target and bypass filesystem integrity
verification. A privileged user could use this to load untrusted kernel
modules and firmware.


* Unbind PCI Virtual Functions of unaffiliated Mellanox devices.

When PCI Bus Master Enable is disabled, affected devices are unbound, but
the Virtual Functions of unaffiliated Mellanox devices were not unbound.

Orabug: 34395376


* CVE-2022-2585: Use-after-free in POSIX CPU timers.

A use-after-free flaw exists in the kernel's POSIX CPU timers
functionality when a timer is created and deleted in the non-leader
thread of a program. This allows a local user to cause denial-of-service
or escalate privileges on the system.

Orabug: 34495548


* CVE-2022-3077: Buffer overflow in Intel iSMT SMBus Controller driver.

A buffer overflow exists in the driver code for Intel's iSMT SMBus
Controller in the I2C_SMBUS_BLOCK_PROC_CALL case of the I2C_SMBUS ioctl.
This flaw could allow a local user to cause a denial-of-service.


* CVE-2022-2959: Use-after-free in pipe subsystem.

A race condition when trying to resize pipe ring buffers may lead to a
use-after-free. A local attacker could use this flaw to cause a denial
of service or elevate privileges on the system.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-1973.

Oracle has determined that the vulnerability does not affect a
running system.

An uninitialized pointer free in log_replay could result in memory leaks
and data corruption. A local user could use this flaw for
denial-of-service or gain arbitrary code execution.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
