An UEKR5 4.14.35 update on Oracle Linux 7 has been released.

El-errata: New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2021-9349)

Synopsis: ELSA-2021-9349 can now be patched using Ksplice
CVEs: CVE-2020-27815 CVE-2020-27825 CVE-2020-27830 CVE-2021-23133 CVE-2021-3178 CVE-2021-32399 CVE-2021-33033 CVE-2021-33034

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2021-9349.
More information about this errata can be found at
  https://linux.oracle.com/errata/ELSA-2021-9349.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Note: Oracle has determined that CVE-2020-27815 is not applicable.

Oracle has determined that CVE-2020-27815 is not applicable and corrects a
false-positive linter warning. Applying the patch has no resulting
changes in the generated object files.

* CVE-2021-33033: Use-after-free in NetLabel subsystem due to improper reference counting.

A flaw in CIPSO and CALIPSO reference counting scheme of NetLabel packet
labeling framework could lead to a use-after-free. A local use could this
flaw for a code execution or a denial-of-service.

Orabug: 32912072

* CVE-2021-3178: Path traversal vulnerability in NFSv3 filesystem.

A flaw in the NFSv3 implementation when there is an NFS export of
a subdirectory of a filesystem could lead to a leak of the file handle
for parent directory. A remote attackers could use this flaw to traverse
to other parts of the filesystem and gain more access than expected.

* CVE-2021-23133: Multiple vulnerabilities due to a race condition in SCTP.

A flaw in socket functionality of Stream Control Transmission Protocol
could lead to a race condition. A local user with network service
privileges could use this flaw for privilege escalation, information
disclosure or denial-of-service.

Orabug: 32907967

* Note: Oracle has determined that CVE-2020-27830 is not applicable.

The kernel is not affected by CVE-2020-27830 since the code under
consideration is not compiled.

* CVE-2020-27825: Race condition in kernel tracing buffers causes DoS.

Missing locking around kernel trace buffers could result in
use-after-free when the buffers are resized. A malicious user with trace
permissions might exploit this to cause a denial-of-service or escalate
their privileges.

* CVE-2021-33034: Use-after-free when tearing down bluetooth HCI channel.

A race condition in the bluetooth Host Controller Interface code could
result in a use-after-free. A malicious device might exploit this to
write data to an arbitrary kernel address, potentially allowing code
execution under control of the device.

Orabug: 32912103

* CVE-2021-32399: Race condition when removing bluetooth HCI controller.

A race condition when removing bluetooth HCI controller could result in
race condition and out-of-bounds write. A malicious unprivileged user
might able to exploit this to cause a denial-of-service or escalate
their privileges.

Orabug: 32912035

* Improve Machine Check Exception handling.

On Machine Check Exception, collect error data in crashdump.

Orabug: 32820277

* Fix TSC-Deadline timer expiration.

A logic error in the handling of TSC-Deadline timers may lead to them
never expiring. This may lead to unresponsive guest virtual machines.

Orabug: 32992668

* RDS loopback connections are rejected forever after failover.

In certain situations it is possible for the passive side of an RDS
loopback connection to refuse to yield indefinitely, which causes RDS
loopback connections to be rejected forever.

Orabug: 32925131

* Memory leak in RDMA route resolution.

A logic error when attempting to resolve RDMA routes can lead to a
memory leak. This can cause a system to behave unexpectedly, and
could potentially lead to a denial-of-service.

Orabug: 33048382

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.

_______________________________________________