New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2023-12792)
Synopsis: ELSA-2023-12792 can now be patched using Ksplice
CVEs: CVE-2016-5195 CVE-2017-1000253 CVE-2017-11176 CVE-2018-18445 CVE-2019-9213 CVE-2021-22543 CVE-2021-4034 CVE-2023-1206 CVE-2023-3212 CVE-2023-3390 CVE-2023-35001 CVE-2023-3567 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-4015 CVE-2023-40283 CVE-2023-4128 CVE-2023-4132
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12792.
More information about this errata can be found at
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
* KPTI enablement for Ksplice.
* Enable livepatching of jump labels.
* CVE-2023-3567: Use-after-free in Virtual Terminal driver read path.
A logic error in the Virtual Terminal driver's read path can lead to a
use-after-free scenario. This flaw could be exploited by a malicious
local user to cause a denial-of-service, or to leak sensitive
information from kernel memory.
* CVE-2023-35001: Out-of-bounds memory access in Netfilter nf_tables packet classification framework.
A flaw in netfilter nf_tables when evaluating byteorder expressions may
lead to an out-of-bounds memory read or write. A local user with the
CAP_NET_ADMIN capability could use this flaw to escalate privileges.
* CVE-2023-3212: NULL dereference in GFS2 file system.
On corrupt gfs2 file systems, the evict logic can dereference the journal
descriptor after it has been freed, leading to a NULL pointer dereference. A
local user with privileges can use this flaw to cause denial-of-service.
* CVE-2023-3609: Privilege escalation in U32 network packet classifier.
Incorrect reference counter handling in the network packet scheduler when
classifying using Universal 32-bit comparisons with hashing can lead to
use-after-free. This can allow a local user to trigger privilege escalation.
* CVE-2023-4132: Use-after-free in Siano MDTV receiver driver.
A logic error in the smsusb driver can lead to a use-after-free
scenario. This flaw could be exploited by an unprivileged local
attacker to cause a denial-of-service.
* CVE-2023-3776: Privilege escalation in Netfilter packet marking driver.
A reference counting error in the Netfilter packet marking
implementation can lead to a use-after-free. This flaw could be
leveraged by a local attacker to escalate their privilege.
* CVE-2023-3611: Privilege escalation in QFQ network scheduler.
An arithmetic error in the Quick Fair Queueing network scheduler can
lead to an out-of-bounds write. This flaw can be exploited by a local
attacker to escalate their privilege.
* CVE-2023-4128: Use-after-free when modifying Netfilter U32/route filters.
A logic error when copying an internal memory structure can lead to a
use-after-free when modifying certain Netfilter filters. A local
attacker could exploit this flaw to escalate their privileges.
* CVE-2023-40283: Use-after-free during Bluetooth socket teardown.
An incomplete cleanup operation when tearing down Bluetooth L2CAP
sockets can lead to a use-after-free. This flaw could potentially be
exploited to cause a denial-of-service or other unexpected behavior.
* Note: Oracle will not provide zero-downtime updates for CVE-2023-4015 and CVE-2023-3390.
Oracle has determined that patching both CVE-2023-4015 and CVE-2023-3390
would not be safe. Oracle recommends disabling the ability for
unprivileged users to create netfilter namespaces. This can be
accomplished by running:
sudo sysctl -w kernel.unprivileged_userns_clone=0
* Note: Oracle will not provide a zero-downtime update for CVE-2023-1206.
Oracle has determined that patching CVE-2023-1206 on a running system
would not be safe and recommends a reboot.
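An added example, not part of Oracle's advisory, for the CVE-2023-4015 / CVE-2023-3390 note above: "sysctl -w" changes only the running value, so this script checks both the live setting and whether it is persisted for the next boot. The function names, the return codes and the simplified "later file wins" ordering are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Oracle's code). Audits the sysctl named in the note:
# kernel.unprivileged_userns_clone. Variables are global (POSIX sh).
KEY_RE='kernel\.unprivileged_userns_clone'

# runtime_value PROC_SYS_DIR -> prints the live value, or "absent" when the
# running kernel does not expose the sysctl.
runtime_value() {
    f="$1/kernel/unprivileged_userns_clone"
    if [ -r "$f" ]; then tr -d '[:space:]' < "$f"; else echo absent; fi
}

# persisted_value FILE... -> prints the last value assigned to the key in the
# given sysctl config files, or "unset". Assumption: later arguments win,
# which simplifies the real sysctl.d ordering.
persisted_value() {
    val=unset
    for conf in "$@"; do
        [ -r "$conf" ] || continue
        # Strip leading blanks, drop comment lines, accept "key = value".
        v=$(sed -n -e 's/^[[:space:]]*//' -e '/^[#;]/d' \
            -e "s/^${KEY_RE}[[:space:]]*=[[:space:]]*\([^[:space:]]*\).*/\1/p" \
            "$conf" | tail -n 1)
        [ -n "$v" ] && val=$v
    done
    echo "$val"
}

# audit PROC_SYS_DIR FILE... -> prints one verdict. Returns 0 only when the
# mitigation is active now and will be re-applied at boot.
audit() {
    proc=$1; shift
    live=$(runtime_value "$proc")
    boot=$(persisted_value "$@")
    case "$live:$boot" in
        0:0)      echo "OK: set to 0 now and persisted"; return 0 ;;
        0:*)      echo "WARN: set to 0 now, lost on reboot (persisted=$boot)"; return 1 ;;
        absent:*) echo "N/A: sysctl not exposed by this kernel"; return 2 ;;
        *)        echo "FAIL: mitigation not applied (live=$live)"; return 3 ;;
    esac
}

# On a live host:
#   audit /proc/sys /etc/sysctl.conf /etc/sysctl.d/*.conf
```

A WARN result means the value set with "sysctl -w" also needs a matching line in a sysctl configuration file to survive a reboot.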
Ksplice support is available at email@example.com.
New Ksplice updates for UEKR5 4.14.35 on Oracle Linux 7 are available.