[El-errata] New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2023-12199)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon Mar 27 21:01:34 UTC 2023 

Synopsis: ELSA-2023-12199 can now be patched using Ksplice
CVEs: CVE-2022-2873 CVE-2022-3424 CVE-2022-3545 CVE-2022-36280 CVE-2022-41218 CVE-2022-45934 CVE-2022-47929 CVE-2023-0045 CVE-2023-0266 CVE-2023-0394 CVE-2023-0461 CVE-2023-0615 CVE-2023-23455

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12199.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-12199.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Note: Oracle has determined that CVE-2022-3545 is not applicable.

A logic flaw in error handling in Netronome Flow Processor Ethernet
driver could result in a use-after-free. A local attacker could use this
flaw for a denial-of-service or code execution.

The kernel is not affected by CVE-2022-3545 since the code under
consideration is not compiled.


* CVE-2022-45934: Denial-of-Service in Bluetooth L2CAP.

An integer overflow flaw in Bluetooth L2CAP when sending L2CAP
configuration request packets could result in a system crash. A local
user could use this flaw to cause a denial-of-service.


* CVE-2022-3424: Denial-of-service in SGI GRU driver.

A logic error when using SGI GRU driver could lead to a use-after-free.
A local attacker could use this flaw to cause a denial-of-service.


* CVE-2022-2873: Out-of-bounds memory access in iSMT.

A missing sanity check for a user controlled value in the Intel's iSMT
SMBus host controller driver when processing an SMBus command may lead
to a memory corruption by writing past the end of a buffer. A local
user could use this flaw for denial-of-service or code execution.


* CVE-2022-41218: Use-after-free in dvb-core device release path.

Improper locking during device release operations can lead to a
use-after-free error in the dvb-core driver.  This bug could be
exploited by a malicious local attack to cause a denial-of-service or to
escalate privileges.


* CVE-2022-36280: Out-of-bounds access in vmwgfs driver during cursor snoop.

A failure to validate cursor size data during a snoop operation can
lead to an out-of-bounds memory access.  A malicious local user could
exploit this flaw to escalate their privileges, or to cause a
denial-of-service.


* CVE-2023-23455: Denial-of-service in ATM Virtual Circuit queue operation.

A logic error during a queue operation in the sch_atm driver can result
in an invalid pointer access.  This flaw could be exploited by a local
attacker to cause a denial-of-service.


* CVE-2023-0045: Deficiency in existing speculative attack mitigation.

A missing branch predictor barrier leaves systems vulnerable to certain
speculative attacks.  This flaw could be exploited to leak information
from a running system.


* CVE-2022-47929: NULL dereference in traffic control subsystem.

Specially crafted network traffic can cause a NULL pointer dereference
in the network traffic control subsystem.  This flaw could be exploited
by a malicious local user to cause a denial-of-service.


* CVE-2023-0461: Use-after-free in Upper Level Protocol (ULP) subsystem.

Improper handling of sockets entering the LISTEN state can lead to
use-after-free. A local attacker could use this to cause denial-of-service or
execute arbitrary code.


* CVE-2023-0266: Use-after-free in ALSA PCM IOCTL processing.

Missing locks around certain operations can lead to a use-after-free
in the ALSA PCM driver.  This flaw could by exploited by a local
attacker to escalate their privileges.


* CVE-2023-0394: NULL dereference during IPv6 raw frame processing.

An arithmetic error when processing certain IPv6 header information can
lead to a NULL pointer dereference.  A malicious local user could
exploit this flaw to cause a denial-of-service.


* Stale entries are never purged from RDMA address cache.

A logic error during RDMA address resolution causes stale entries to
remain in the cache indefinitely.

Orabug: 35060577


* Note: Oracle has determined that CVE-2023-0615 is not applicable.

Lack of boundary checks when adjusting the composing height could lead to
an out-of-bounds memory access.  A local user with the ability to send
IOCTL to the V4L2 VIVID driver could use this flaw to cause a
denial-of-service or elevate privileges.

The kernel is not affected by CVE-2023-0615 since the code under
consideration is not compiled.


* Denial-of-service in Azurewave AZ6027 driver during ioctl processing.

A missing length check on a buffer passed in from userspace via an ioctl
can result in a NULL pointer dereference.  This flaw could be exploited
by a remote attacker to cause a denial-of-service.


* Userspace data corruption when freeing FRWR memory region in the IB/RDS driver.

There is a delay between the time when a FRWR memory region is requested
to be freed and the actual free operation occurring.  In certain cases
this can lead to list corruption in the kernel, and general data
corruption in some userspace applications.

Orabug: 31712036, 34987235, 25962452

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.

More information about the El-errata mailing list