
New Ksplice updates for UEKR4 4.1.12 on Oracle Linux 6 and 7 have been released.



El-errata: New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2022-9852)


Synopsis: ELSA-2022-9852 can now be patched using Ksplice
CVEs: CVE-2015-1350 CVE-2017-13166 CVE-2017-16537 CVE-2017-18270 CVE-2017-7472 CVE-2018-9422 CVE-2020-12654 CVE-2020-12655 CVE-2020-12770 CVE-2020-14390 CVE-2021-30002 CVE-2021-42739 CVE-2021-43976 CVE-2021-45486 CVE-2022-0850 CVE-2022-1184 CVE-2022-2503 CVE-2022-2964 CVE-2022-3028 CVE-2022-3239 CVE-2022-36879 CVE-2022-36946

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2022-9852.
More information about this errata can be found at
  https://linux.oracle.com/errata/ELSA-2022-9852.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
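
The two paths above can be checked per host with the following added example
(not part of the Oracle advisory). It assumes only the literal value "yes"
enables autoinstall, as the advisory words it, and the function names and the
kernel release strings in the comments are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a host is covered by this advisory and
# whether it still needs a manual uptrack-upgrade run.

# Prints "auto" if the config enables autoinstall, otherwise "manual".
uptrack_install_mode() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    # An unreadable or missing config is treated as "manual" so it gets reviewed.
    [ -r "$conf" ] || { echo manual; return 0; }
    # Take the last uncommented "autoinstall = <value>" line, tolerating
    # whitespace and trailing comments. Section headers are not checked
    # (assumption: the key appears once in the file).
    value=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' "$conf" \
        | tail -n 1 | tr 'A-Z' 'a-z')
    case $value in
        yes) echo auto ;;
        *)   echo manual ;;
    esac
}

# Returns 0 if a kernel release string is UEKR4 4.1.12 on OL6 or OL7,
# e.g. the constructed sample "4.1.12-124.48.6.el7uek.x86_64".
is_uekr4_4112() {
    case $1 in
        4.1.12-*.el6uek.*|4.1.12-*.el7uek.*) return 0 ;;
        *) return 1 ;;
    esac
}

# Combines both checks into one verdict for a release string and config path.
advisory_action() {
    is_uekr4_4112 "$1" || { echo "not-applicable"; return 0; }
    if [ "$(uptrack_install_mode "$2")" = auto ]; then
        echo "none: autoinstall will apply the updates"
    else
        echo "run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Typical call on a live host:
#   advisory_action "$(uname -r)" /etc/uptrack/uptrack.conf
```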

DESCRIPTION

* CVE-2022-2964: Out-of-bounds accesses in ASIX AX88179/178A USB 3.0/2.0 to Gigabit Ethernet.

Missing sanity checks in receive data path of ASIX AX88179/178A USB
3.0/2.0 to Gigabit Ethernet could result in out-of-bounds accesses.
A local, privileged user could use this flaw to cause a denial of
service or information disclosure.

Orabug: 34594265

* CVE-2017-7472: Denial-of-service when setting default request-key keyring.

A logic error when a user sets the default request-key keyring multiple
times could lead to a memory leak. A local attacker could use this flaw
to exhaust kernel memory and cause a kernel panic.

Orabug: 27902747

* CVE-2022-36879: Denial-of-service in XFRM.

An incorrect reference counting flaw in the IP framework for transforming
packets when manipulating XFRM policy entries could result in the release
of a resource before it is made available for re-use. A local user could
use this flaw for a denial-of-service.

Orabug: 34503626

* CVE-2020-12770: Information leak/DoS in SCSI generic userspace write.

When copying data from userspace to a SCSI generic (sg) device, the
associated list entry is not properly removed, potentially causing a
denial-of-service or leaking sensitive kernel information.

Orabug: 31350699

* CVE-2022-3028: Out-of-bounds memory access in IP framework XFRM subsystem.

Multiple calls to the same function in the IP framework can lead to a
race condition and subsequent out-of-bounds memory accesses. A local
attacker could exploit this flaw to leak kernel memory, or make
arbitrary writes to kernel memory.

Orabug: 34566754

* CVE-2022-1184: Use-after-free when handling corrupted hash tree in ext4.

A logic error when handling corrupted hash tree directory in ext4
filesystems could lead to a use-after-free. A local attacker could use
this flaw and a malicious ext4 image to cause a denial-of-service.

Orabug: 34555416

* CVE-2017-16537: NULL pointer dereference when registering SoundGraph iMON Receiver and Display driver.

A missing check when registering SoundGraph iMON Receiver and Display
driver could lead to a NULL pointer dereference. A local attacker could
use this flaw to cause a denial-of-service.

Orabug: 31225377

* CVE-2021-30002: Denial-of-service in V4L2 driver due to memory leaks.

A flaw in the exit code sequence of V4L2 driver could lead to memory
leaks. A local user could use this flaw to cause a denial-of-service.

* CVE-2021-45486: Information leak in IPv4 hash table implementation.

An undersized hash table in the IPv4 implementation can lead to an
information leak. A remote attacker could exploit this flaw to gain
access to information about the running system.

Orabug: 33778986

* CVE-2022-2503: Filesystem integrity check bypass in dm-verity.

A flaw in dm-verity allows users to switch out a dm-verity target with
equivalent dm-linear targets and bypass filesystem integrity
verification. A privileged user could use this to load untrusted kernel
modules and firmware.

Orabug: 34555434

* CVE-2022-0850: Information leak in the ext4 driver.

Lack of initialization of kernel structures that are passed to userspace
could lead to an information leak. An attacker could use this flaw to
facilitate an attack.

Orabug: 34579226

* CVE-2018-9422: Denial-of-service when grabbing a futex.

Lock contention could potentially lead to stalls when grabbing a mutex.
An unprivileged user could use this flaw to cause a denial-of-service by
causing extreme contention on page locks.

Orabug: 29048998

* CVE-2021-43976: Malicious Marvell mwifiex USB device causes DoS.

Incorrect handling of packet buffers received from a Marvell mwifiex USB
device could result in a kernel assertion failure. A malicious device
might exploit this to crash the kernel.

Orabug: 33784271

* CVE-2020-14390: Memory corruption when resizing the framebuffer.

A logic error when handling framebuffer resizing and scrollbacks could
lead to memory corruption. A local user could use this to cause a
denial-of-service or possibly arbitrary code execution or privilege
escalation.

Orabug: 31914703

* CVE-2017-18270: Permission bypass in the keyring subsystem.

A flaw in the keyring management subsystem could allow a user to
impersonate the keyring of another. A local, unprivileged user could use
this flaw to cause a denial-of-service or potentially compromise the
keyring of another user.

Orabug: 29013653

* CVE-2022-36946: Denial-of-service in netfilter packet handling.

A missing check in netfilter packet handling could lead to an assert.
A remote attacker could use this flaw to cause a denial-of-service.

Orabug: 34475433

* CVE-2020-12655: Denial-of-service when syncing data on XFS filesystem.

A logic error when syncing data on a specially crafted XFS filesystem
could let an attacker cause a denial-of-service.

Orabug: 31350923

* CVE-2020-12654: Denial-of-service when querying WMM status in mwifiex driver.

If an AP sends a malicious query to the station for WMM status, a buffer
overflow could occur. If an attacker can compromise the AP, this bug
could be triggered to cause a denial-of-service.

Orabug: 31350517

* CVE-2021-42739: Buffer overflow in FireDTV firewire DVB receiver driver.

The FireDTV firewire DVB receiver driver contains a buffer overflow when
processing a Program Map Table entry. A malicious device might exploit
this to overwrite memory and cause a denial-of-service.

Orabug: 33488041

* CVE-2015-1350: Denial-of-service in VFS subsystem.

An incomplete set of requirements for setattr operations in VFS
subsystem could result in a denial of elevated permissions from valid
users, services, or applications. A local, non-privileged user could
use this flaw to cause a denial-of-service.

Orabug: 20429825

* CVE-2017-13166: Privilege escalation when using V4L2 ioctls.

Logic errors in multiple V4L2 ioctls could lead to arbitrary execution
of user space defined addresses. A local attacker could use this flaw to escalate
privileges.

Orabug: 28036613

* CVE-2022-3239: Use-after-free when probing Empia 28xx based TV cards.

Lack of initialization of a reference counter before use leads to a
use-after-free. A local user with the ability to plug such cards on the
host physical machine could use this flaw to potentially escalate their
privileges.

Orabug: 34619522

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

