El-errata: New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2023-12160)
Synopsis: ELSA-2023-12160 can now be patched using Ksplice
CVEs: CVE-2022-2873 CVE-2022-41858 CVE-2022-45934 CVE-2023-23455
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12160.
More information about this errata can be found at
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
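The following helper script is an added example and is not part of the Oracle advisory or of the Ksplice tooling. It reads the autoinstall setting from uptrack.conf (ignoring commented-out lines, which is the usual mistake when checking this by eye), runs the manual upgrade only when autoinstall is off, and verifies the result with the stock uptrack-show and uptrack-uname commands. It assumes the key lives in a "[Settings]" section written as "autoinstall = yes"; the two sample config files it creates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a manual
# "uptrack-upgrade -y" is needed, based on /etc/uptrack/uptrack.conf.
# Assumption: the setting appears as "autoinstall = yes" under [Settings].

UPTRACK_CONF="${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}"

# autoinstall_enabled FILE: returns 0 only if an uncommented
# "autoinstall = yes" line is present (last occurrence wins).
autoinstall_enabled() {
    val=$(sed -e 's/[#;].*$//' "$1" \
        | awk -F= 'tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ {
                       gsub(/[ \t\r]/, "", $2); v = tolower($2) }
                   END { print v }')
    [ "$val" = "yes" ]
}

# apply_ksplice_updates FILE: run the upgrade only when Uptrack will not
# do it on its own (this is the only function that touches the system).
apply_ksplice_updates() {
    if autoinstall_enabled "$1"; then
        echo "autoinstall = yes: Uptrack installs these updates itself"
        return 0
    fi
    echo "autoinstall is not enabled: installing the updates now"
    /usr/sbin/uptrack-upgrade -y
}

# verify_applied: list the installed Ksplice updates and the kernel version
# the system is effectively running after patching.
verify_applied() {
    /usr/sbin/uptrack-show
    /usr/sbin/uptrack-uname -r
}

# Constructed sample configs (not copied from a real host) so the check can
# be exercised without Ksplice installed.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/auto.conf" <<'EOF'
[Settings]
# constructed sample: automatic installation turned on
autoinstall = yes
EOF
cat > "$SAMPLE_DIR/manual.conf" <<'EOF'
[Settings]
# autoinstall = yes   <- commented out, must not count
autoinstall = no
EOF

for f in auto.conf manual.conf; do
    if autoinstall_enabled "$SAMPLE_DIR/$f"; then
        echo "$f: autoinstall on, no manual step needed"
    else
        echo "$f: autoinstall off, run /usr/sbin/uptrack-upgrade -y"
    fi
done
```

On a real host, call `apply_ksplice_updates "$UPTRACK_CONF"` as root and then `verify_applied`; the uptrack-show output should list the updates for ELSA-2023-12160 and uptrack-uname -r should report the patched kernel version rather than the booted one.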
* CVE-2022-2873: Out-of-bounds memory access in iSMT.
A missing sanity check for a user-controlled value in the Intel iSMT
SMBus host controller driver when processing an SMBus command may lead
to memory corruption by writing past the end of a buffer. A local
user could use this flaw for denial-of-service or code execution.
* CVE-2022-45934: Denial-of-service in Bluetooth L2CAP.
An integer overflow flaw in Bluetooth L2CAP when sending L2CAP
configuration request packets could result in a system crash. A local
user could use this flaw to cause a denial-of-service.
* CVE-2023-23455: Denial-of-service in ATM Virtual Circuit queue operation.
A logic error during a queue operation in the sch_atm driver can result
in an invalid pointer access. This flaw could be exploited by a local
attacker to cause a denial-of-service.
* CVE-2022-41858: Denial-of-service in the Serial Line Internet Protocol.
A race condition in the SLIP driver could lead to a NULL pointer
dereference. A local, unprivileged user could use this flaw to cause a
Ksplice support is available at firstname.lastname@example.org.
New Ksplice updates for UEKR4 4.1.12 on Oracle Linux 6 and 7 have been released.