New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2023-12792)
Synopsis: ELSA-2023-12792 can now be patched using Ksplice
CVEs: CVE-2016-5195 CVE-2017-1000253 CVE-2017-11176 CVE-2018-18445 CVE-2019-9213 CVE-2021-22543 CVE-2021-4034 CVE-2023-1206 CVE-2023-3212 CVE-2023-3390 CVE-2023-35001 CVE-2023-3567 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-4015 CVE-2023-40283 CVE-2023-4128 CVE-2023-4132
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12792.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-12792.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* KPTI enablement for Ksplice.
* Enable livepatching of jump labels.
* CVE-2023-3567: Use-after-free in Virtual Terminal driver read path.
A logic error in the Virtual Terminal driver's read path can lead to a
use-after-free scenario. This flaw could be exploited by a malicious
local user to cause a denial-of-service, or to leak sensitive
information from kernel memory.
Orabug: 35649492
* CVE-2023-35001: Out-of-bounds memory access in Netfilter nf_tables packet classification framework.
A flaw in netfilter nf_tables when evaluating byteorder expressions may
lead to an out-of-bounds memory read or write. A local user with the
CAP_NET_ADMIN capability could use this flaw to escalate privileges.
* CVE-2023-3212: NULL dereference in GFS2 file system.
On corrupt gfs2 file systems, the evict logic can dereference the journal
descriptor after it has been freed, leading to a NULL pointer dereference. A
local user with privileges can use this flaw to cause denial-of-service.
* CVE-2023-3609: Privilege escalation in U32 network packet classifier.
Incorrect reference counter handling in the network packet scheduler when
classifying using Universal 32-bit comparisons with hashing can lead to
use-after-free. This can allow a local user to trigger privilege escalation.
* CVE-2023-4132: Use-after-free in Siano MDTV reciever driver.
A logic error in the smsusb driver can lead to a use-after-free
scenario. This flaw could be exploited by an unprivileged local
attacker to cause a denial-of-service.
* CVE-2023-3776: Privlege escalation in Netfilter packet marking driver.
A reference counting error in the Netfilter packet marking
implementation can lead to a use-after-free. This flaw could be
leveraged by a local attacker to escalate their privilege.
* CVE-2023-3611: Privelege escalation in QFQ network scheduler.
An arithmetic error in the Quick Fair Queueing network scheduler can
lead to an out-of-bounds write. This flaw can be exploited by a local
attacker to escalate their privilege.
* CVE-2023-4128: Use-after-free when modifying Netfilter U32/route filters.
A logic error when copying an internal memory structure can lead to a
use-after-free when modifying certain Netfilter filters. A local
attacker could exploit this flaw to escalate their privileges.
* CVE-2023-40283: Use-after-free during Bluetooth socket teardown.
An incomplete cleanup operation when tearing down Bluetooth L2CAP
sockets can lead to a use-after-free. This flaw could potentially be
exploited to cause a denial-of-service or other unexpected behavior.
* Note: Oracle will not provide zero-downtime updates for CVE-2023-4015 and CVE-2023-3390.
Oracle has determined that patching both CVE-2023-4015 and CVE-2023-3390
would not be safe. Oracle recommends disabling the ability for
unprivileged users to create netfilter namespaces. This can be
accomplished by running:
sudo sysctl -w kernel.unprivileged_userns_clone=0
* Note: Oracle will not provide a zero-downtime update for CVE-2023-1206.
Oracle has determined that patching CVE-2023-1206 on a running system
would not be safe and recommends a reboot.
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.
New Ksplice updates for UEKR5 4.14.35 on Oracle Linux 7 are available.
