[El-errata] New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2023-12339)

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu May 18 17:10:27 UTC 2023


Synopsis: ELSA-2023-12339 can now be patched using Ksplice
CVEs: CVE-2023-1076 CVE-2023-1077 CVE-2023-1079 CVE-2023-1118 
CVE-2023-1998 CVE-2023-23004 CVE-2023-25012 CVE-2023-30456

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12339.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-12339.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
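
The following is an added example, not part of Oracle's announcement: a POSIX shell check that tells a fleet audit whether a host picks these updates up automatically or needs the manual command above. It assumes uptrack.conf holds INI-style "key = value" lines with "#" comments and counts only the literal value "yes" shown in the advisory; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: report the effective "autoinstall" value in an Uptrack config.
# Assumptions: INI-style "key = value" lines, "#" starts a comment, section
# headers such as [Settings] are ignored, and the last assignment wins.

autoinstall_state() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk '
        { sub(/#.*/, "") }                    # drop comments, incl. commented-out keys
        /^[ \t]*autoinstall[ \t]*=/ {         # anchored: skips install_on_reboot etc.
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)       # keep the text after "="
            sub(/[ \t\r]+$/, "", v)           # trim trailing blanks and CR
            state = v
        }
        END { print (state == "" ? "unset" : state) }
    ' "$conf"
}

# Prints "automatic" only when autoinstall is exactly "yes"; anything else
# (no, unset, unreadable, unexpected spelling) is reported as "manual" so the
# host is flagged for: /usr/sbin/uptrack-upgrade -y
update_mode() {
    case $(autoinstall_state "$1") in
        yes) echo "automatic" ;;
        *)   echo "manual" ;;
    esac
}
```

Call update_mode with no argument to check /etc/uptrack/uptrack.conf on the local host.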


DESCRIPTION

* Denial-of-service and filesystem corruption during XFS writeback.

A race between certain XFS writeback operations can lead to system
crashes and filesystem corruption.

Orabug: 35214059


* Denial-of-service in the RDS Infiniband driver when garbage collecting 
caches.

The RDS Infiniband driver garbage collector did not yield to the
scheduler to let other tasks run, which could lead to soft lock-ups.

Orabug: 35146760


* CVE-2023-1076: Permission bypass in tun/tap sockets.

Incorrect initialization in the tun/tap socket code could allow sockets
to be treated incorrectly in filtering and routing decisions. This could
allow bypassing of network filters.


* CVE-2023-1077: Memory Corruption in Real-Time Scheduling Class.

Incorrect error checking logic in the Real-Time Scheduling Class can lead to
memory corruption. This can allow a local user to cause denial-of-service or
escalate privileges.


* CVE-2023-1079: Use-after-free in HID driver for Asus notebook built-in 
keyboard.

Insufficient locking in the HID driver for Asus notebook built-in keyboard
can allow a malicious USB device which advertises itself as an Asus device
to trigger a use-after-free. This may allow a local user to cause memory
corruption.


* Note: Oracle will not provide a zero-downtime update for CVE-2023-25012.

Oracle has determined that the vulnerability does not affect a
running system.

Insufficient locking in the HID driver for BigBen Interactive Kids' gamepad
support can allow a malicious USB device to trigger a use-after-free. This
may allow a local user to cause memory corruption.


* CVE-2023-1118: Use-after-free in ENE eHome Receiver/Transceiver driver.

A logic error in the ENE integrated infrared receiver/transceiver leads
to a use-after-free. A local user can use this flaw to cause
denial-of-service or escalate privileges.


* CVE-2023-23004: Incorrect error handling in ARM Mali Display Processor 
driver.

Incorrect logic in the ARM Mali Display Processor driver may cause incorrect
error handling in its plane manipulation routines. This can lead to memory
corruption.


* CVE-2023-30456: Privilege escalation in Intel VMX subsystem for KVM.

Insufficient checking in the Intel VMX subsystem for KVM can allow a nested
guest to control values in the virtual machine control structure. This can
allow a local user to escalate privileges.

Orabug: 35278210


* CVE-2023-1998: Information disclosure due to disabled Single Thread 
Indirect Branch Predictors.

With legacy Indirect Branch Restricted Speculation (IBRS), Single Thread
Indirect Branch Predictors (STIBP) was incorrectly determined to be not
needed. This could allow cross-thread branch target injection and
information disclosure.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




