[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2023-12196)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Fri Mar 24 15:39:38 UTC 2023 

Synopsis: ELSA-2023-12196 can now be patched using Ksplice
CVEs: CVE-2022-36280 CVE-2022-41218 CVE-2022-4129 CVE-2022-4382 CVE-2022-47929 CVE-2022-4842 CVE-2022-48424 CVE-2023-0045 CVE-2023-0210 CVE-2023-0266 CVE-2023-0394 CVE-2023-0461 CVE-2023-1073 CVE-2023-1074 CVE-2023-23454 CVE-2023-23455 CVE-2023-23559

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12196.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-12196.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* CVE-2023-0394: NULL dereference during IPv6 raw frame processing.

An arithmetic error when processing certain IPv6 header information can
lead to a NULL pointer dereference.  A malicious local user could
exploit this flaw to cause a denial-of-service.


* CVE-2023-0266: Use-after-free in ALSA PCM IOCTL processing.

Missing locks around certain operations can lead to a use-after-free
in the ALSA PCM driver.  This flaw could by exploited by a local
attacker to escalate their privileges.


* CVE-2022-47929: NULL dereference in traffic control subsystem.

Specially crafted network traffic can cause a NULL pointer dereference
in the network traffic control subsystem.  This flaw could be exploited
by a malicious local user to cause a denial-of-service.


* CVE-2023-0045: Deficiency in existing speculative attack mitigation.

A missing branch predictor barrier leaves systems vulnerable to certain
speculative attacks.  This flaw could be exploited to leak information
from a running system.


* CVE-2022-41218: Use-after-free in dvb-core device release path.

Improper locking during device release operations can lead to a
use-after-free error in the dvb-core driver.  This bug could be
exploited by a malicious local attack to cause a denial-of-service or to
escalate privileges.


* CVE-2022-36280: Out-of-bounds access in vmwgfs driver during cursor snoop.

A failure to validate cursor size data during a snoop operation can
lead to an out-of-bounds memory access.  A malicious local user could
exploit this flaw to escalate their privileges, or to cause a
denial-of-service.


* CVE-2023-23455: Denial-of-service in ATM Virtual Circuit queue operation.

A logic error during a queue operation in the sch_atm driver can result
in an invalid pointer access.  This flaw could be exploited by a local
attacker to cause a denial-of-service.


* Stale entries are never purged from RDMA address cache.

A logic error during RDMA address resolution causes stale entries to
remain in the cache indefinitely.

Orabug: 35060575


* Note: Oracle will not provide a zero-downtime update for CVE-2022-4842.

Oracle has determined that the vulnerability does not affect a
running system.


* Note: Oracle will not provide a zero-downtime update for CVE-2023-0210.

Oracle has determined that the vulnerability does not affect a
running system.


* CVE-2022-4129: Denial-of-service in Layer 2 Tunneling Protocol (L2TP).

Incorrect locking in the Layer 2 Tunneling Protocol (L2TP) can lead to a race
condition and NULL pointer dereference. A local user could use this to crash the
system leading to denial-of-service.


* CVE-2023-23559: Buffer overflow in driver for RNDIS-based wireless USB devices.

A buffer overflow exists in the driver code for wireless USB devices based on
Remote Network Driver Interface Specification (RNDIS). This could allow a local
user to cause denial-of-service.


* User-after-free in NFS server support for NFS version 4.

A logic flaw in NFS server support for NFS version 4 could result in a
user-after-free. A local user could use this flaw to cause denial-of-service or
execute arbitrary code.


* CVE-2023-0461: Use-after-free in Upper Level Protocol (ULP) subsystem.

Improper handling of sockets entering the LISTEN state can lead to
use-after-free. A local attacker could use this to cause denial-of-service or
execute arbitrary code.


* CVE-2023-23454: Denial-of-service in CBQ packet scheduling.

When dropping a packet in Class-Based Queueing (CBQ) packet scheduling
algorithm, invalid data may be read. A local user can use this to cause
denial-of-service.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-4382.

Oracle has determined that the vulnerability does not affect a
running system.


* CVE-2023-1073: Memory Corruption in HID subsystem.

An error in the human interface device (HID) subsystem during insertion
of a USB device can trigger memory corruption. This can allow a local
user to cause denial-of-service or escalate privileges.


* CVE-2023-1074: Memory Leak in Stream Control Transmission Protocol.

A flaw in the Stream Control Transmission Protocol (sctp) can allow a
local user to start a malicious networking service that leaks kernel
memory. This could allow the user to starve resources leading to a
denial-of-service.


* Note: Oracle will not provide a zero-downtime update for CVE-2022-48424.

Oracle has determined that the vulnerability does not affect a
running system.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list