[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2023-12206)

Mon Apr 3 23:00:44 UTC 2023

Synopsis: ELSA-2023-12206 can now be patched using Ksplice
CVEs: CVE-2022-41218 CVE-2022-45934 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-0461 CVE-2023-23454 CVE-2023-23455 CVE-2023-28328

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12206.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-12206.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2022-45934: Denial-of-Service in Bluetooth L2CAP.

An integer overflow flaw in Bluetooth L2CAP when sending L2CAP
configuration request packets could result in a system crash. A local
user could use this flaw to cause a denial-of-service.

* CVE-2023-28328: Denial-of-service in Azurewave AZ6027 driver during ioctl processing.

A missing length check on a buffer passed in from userspace via an ioctl
can result in a NULL pointer dereference.  This flaw could be exploited
by a remote attacker to cause a denial-of-service.

* CVE-2022-41218: Use-after-free in dvb-core device release path.

Improper locking during device release operations can lead to a
use-after-free error in the dvb-core driver.  This bug could be
exploited by a malicious local attack to cause a denial-of-service or to
escalate privileges.

* CVE-2023-23455: Denial-of-service in ATM Virtual Circuit queue operation.

A logic error during a queue operation in the sch_atm driver can result
in an invalid pointer access.  This flaw could be exploited by a local
attacker to cause a denial-of-service.

* CVE-2023-23454: Denial-of-service in CBQ packet scheduling.

When dropping a packet in Class-Based Queueing (CBQ) packet scheduling
algorithm, invalid data may be read. A local user can use this to cause
denial-of-service.

* CVE-2023-0045: Deficiency in existing speculative attack mitigation.

A missing branch predictor barrier leaves systems vulnerable to certain
speculative attacks.  This flaw could be exploited to leak information
from a running system.

* CVE-2022-47929: NULL dereference in traffic control subsystem.

Specially crafted network traffic can cause a NULL pointer dereference
in the network traffic control subsystem.  This flaw could be exploited
by a malicious local user to cause a denial-of-service.

* CVE-2023-0461: Use-after-free in Upper Level Protocol (ULP) subsystem.

Improper handling of sockets entering the LISTEN state can lead to
use-after-free. A local attacker could use this to cause denial-of-service or
execute arbitrary code.

* CVE-2023-0266: Use-after-free in ALSA PCM IOCTL processing.

Missing locks around certain operations can lead to a use-after-free
in the ALSA PCM driver.  This flaw could by exploited by a local
attacker to escalate their privileges.

* CVE-2023-0394: NULL dereference during IPv6 raw frame processing.

An arithmetic error when processing certain IPv6 header information can
lead to a NULL pointer dereference.  A malicious local user could
exploit this flaw to cause a denial-of-service.

* Stale entries are never purged from RDMA address cache.

A logic error during RDMA address resolution causes stale entries to
remain in the cache indefinitely.

Orabug: 35060576

* Userspace data corruption when freeing FRWR memory region in the IB/RDS driver.

There is a delay between the time when a FRWR memory region is requested
to be freed and the actual free operation occurring.  In certain cases
this can lead to list corruption in the kernel, and general data
corruption in some userspace applications.

Orabug: 34987235

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.