[El-errata] New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2023-12255)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Mon May 8 17:16:25 UTC 2023


Synopsis: ELSA-2023-12255 can now be patched using Ksplice
CVEs: CVE-2022-27672 CVE-2022-3108 CVE-2022-3707 CVE-2022-4129 CVE-2023-0459 CVE-2023-1073 CVE-2023-1074 CVE-2023-2162 CVE-2023-23559 CVE-2023-26545

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12255.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-12255.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
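
A check for the two cases above, added here as an example and not part of
Oracle's announcement: it reads uptrack.conf and reports whether the host
relies on autoinstall or needs the manual command. It assumes "key = value"
lines with "#" comments; the function names are illustrative.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual "uptrack-upgrade -y".
# Assumption: uptrack.conf uses "key = value" lines and "#" starts a comment.

# Print the effective autoinstall value ("yes", "no", ... or "unset").
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    awk '
        {
            line = $0
            sub(/#.*/, "", line)          # drop comments, incl. commented-out keys
            n = index(line, "=")
            if (n == 0) next              # section headers, blank lines
            key = substr(line, 1, n - 1)
            val = substr(line, n + 1)
            gsub(/[ \t]/, "", key); gsub(/[ \t\r]/, "", val)
            # Assumption: if the key repeats, the last value is used.
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Return 0 when updates must be installed by hand, 1 when autoinstall is on.
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# Report for one host; the default path is the one named in the announcement.
report() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if needs_manual_upgrade "$conf"; then
        echo "autoinstall is not 'yes' in $conf: run /usr/sbin/uptrack-upgrade -y"
    else
        echo "autoinstall = yes in $conf: updates install automatically"
    fi
}

report "$@"
```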


DESCRIPTION

* CVE-2023-23559: Buffer overflow in driver for RNDIS-based wireless USB devices.

A buffer overflow exists in the driver code for wireless USB devices based on
Remote Network Driver Interface Specification (RNDIS). This could allow a local
user to cause denial-of-service.


* CVE-2023-1073: Memory Corruption in HID subsystem.

An error in the human interface device (HID) subsystem during insertion
of a USB device can trigger memory corruption. This can allow a local
user to cause denial-of-service or escalate privileges.


* CVE-2023-1074: Memory Leak in Stream Control Transmission Protocol.

A flaw in the Stream Control Transmission Protocol (sctp) can allow a
local user to start a malicious networking service that leaks kernel
memory. This could allow the user to starve resources leading to a
denial-of-service.


* Incorrect initialization in BTRFS's zlib compression.

Incorrect initialization in the BTRFS zlib compression implementation can
lead to the use of uninitialized memory. This can leak privileged
information or cause denial-of-service.


* CVE-2023-26545: Stale pointer in MultiProtocol Label Switching subsystem.

Incorrect error handling in the MultiProtocol Label Switching subsystem
(MPLS) during the renaming of a device can lead to double free. This could
allow a local user to write to arbitrary memory locations or cause
denial-of-service.


* CVE-2022-3707: Double-free in Intel GVT-g graphics driver.

Incorrect error handling in the Intel GVT-g graphics driver can lead to a
double free. This can allow a local user to cause denial-of-service.


* Denial-of-service in the RDS Infiniband driver when garbage collecting caches.

The RDS Infiniband driver garbage collector does not call into the
scheduler to let other tasks run, which could lead to soft lock-ups.

Orabug: 35146761


* CVE-2022-4129: Denial-of-service in Layer 2 Tunneling Protocol (L2TP).

Incorrect locking in the Layer 2 Tunneling Protocol (L2TP) can lead to a race
condition and NULL pointer dereference. A local user could use this to crash the
system leading to denial-of-service.


* Parallelize mapping and unmapping operations of large address ranges.

The time taken by mapping and unmapping operations on preserved memory
increases linearly with the memory size, delaying the exec of new processes.
Parallelize those operations to significantly reduce the time it takes to
exec a new process.

Orabug: 35054622


* CVE-2022-27672: Information disclosure due to Cross-Thread Return Address Predictions.

When SMT (simultaneous multithreading) is enabled, certain AMD processors
may speculatively execute instructions using a target from the sibling thread.
This can potentially lead to information disclosure.

Orabug: 35166671


* CVE-2023-2162: Use-after-free during iSCSI login.

A logic error in the iSCSI login path can result in a
use-after-free error.  This flaw could be exploited by a local attacker
to cause a denial-of-service, or to aid in another type of attack.


* CVE-2023-0459: Information leak during userspace access.

Improper handling of user-provided pointers can result in a kernel
information leak.  This flaw could be exploited by an attacker to leak
sensitive information and to aid in other types of attacks.


* CVE-2022-3108: NULL pointer dereference in AMD GPU driver.

A failure to check the result of a function call in an AMD GPU driver
can lead to a NULL dereference and subsequent kernel panic.  A malicious
user could exploit this flaw to cause a denial-of-service.

Orabug: 34951503

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


