New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2023-12588)
Synopsis: ELSA-2023-12588 can now be patched using Ksplice
CVEs: CVE-2022-1015 CVE-2022-34918 CVE-2022-39189 CVE-2023-1380 CVE-2023-2002 CVE-2023-2269 CVE-2023-3090 CVE-2023-3141 CVE-2023-3268 CVE-2023-34256 CVE-2023-35823 CVE-2023-35824
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12588.
More information about this errata can be found at
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
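A check for the two install paths above, added here as an example and not part of Oracle's advisory or tooling: it reads the autoinstall setting from uptrack.conf-style text and lists which of this advisory's CVEs a list of installed updates does not mention. The function names, sample config and sample update list are constructed, and it assumes each installed update's description carries its CVE id, as the entries in this advisory do.

```shell
#!/bin/sh
# Added example, not Oracle tooling. Sample inputs are constructed.

# CVE ids copied from this advisory's "CVEs:" line.
ADVISORY_CVES="CVE-2022-1015 CVE-2022-34918 CVE-2022-39189 CVE-2023-1380
CVE-2023-2002 CVE-2023-2269 CVE-2023-3090 CVE-2023-3141 CVE-2023-3268
CVE-2023-34256 CVE-2023-35823 CVE-2023-35824"

# Read uptrack.conf-style text on stdin and print the effective autoinstall
# value: comment lines are skipped, the last assignment wins, "unset" if absent.
autoinstall_value() {
    awk -F= '
        /^[ \t]*[#;]/ { next }
        tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ {
            v = tolower($2); gsub(/[ \t\r]/, "", v)
        }
        END { print (v == "" ? "unset" : v) }'
}

# Read a list of installed updates on stdin and print every advisory CVE
# that no line mentions. Assumes each update's description carries its CVE id.
missing_cves() {
    shown=$(cat)
    for cve in $ADVISORY_CVES; do
        # -w: CVE-2023-3090 must not match inside a longer id
        printf '%s\n' "$shown" | grep -qwF -- "$cve" || printf '%s\n' "$cve"
    done
}

# Constructed inputs; the bracketed update ids are placeholders.
SAMPLE_CONF='[Settings]
# autoinstall = no
autoinstall = yes'
SAMPLE_SHOW='Installed updates:
[placeholder-1] CVE-2023-1380: Out-of-bounds read in Broadcom 802.11 Networking Device Driver.
[placeholder-2] CVE-2023-2002: Insufficient capability check in the Bluetooth HCI sockets subsystem.'

printf 'autoinstall: %s\n' "$(printf '%s\n' "$SAMPLE_CONF" | autoinstall_value)"
printf 'not yet applied:\n%s\n' "$(printf '%s\n' "$SAMPLE_SHOW" | missing_cves)"

# On a Ksplice host, as root:
#   autoinstall_value < /etc/uptrack/uptrack.conf
#   uptrack-show | missing_cves
```

An empty result from missing_cves means every CVE in this advisory is mentioned by at least one installed update.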
* CVE-2023-1380: Out-of-bounds read in Broadcom 802.11 Networking Device Driver.
An out-of-bounds read exists in the Broadcom 802.11 Networking Device Driver.
This can lead to a denial-of-service.
* CVE-2023-2002: Insufficient capability check in the Bluetooth HCI sockets subsystem.
An insufficient capability check in the Bluetooth HCI sockets subsystem can
allow an unprivileged program to mark a socket as trusted. This can allow
escalation of privileges, denial-of-service and information leak.
* CVE-2023-35824: Use-after-free during dm1105 device removal.
A race condition in the dm1105 driver's device removal path can result
in a use-after-free. This flaw could be exploited by a local attacker
to cause a denial-of-service or other unexpected behavior.
* CVE-2023-2269: Denial-of-service in Device Mapper-Multipathing subsystem.
A possible recursive locking scenario in the Linux kernel Device Mapper
Multipathing subsystem can lead to a deadlock. A local user can use
this flaw to cause a denial-of-service.
* CVE-2023-34256: Out-of-bounds read in ext4 checksum handling.
An arithmetic error in a checksum generation routine in the ext4 driver
can lead to an out-of-bounds read. This flaw could be exploited by a
malicious local user to leak sensitive information or to aid in another
type of attack.
* CVE-2023-3090: Stack overflow in ipvlan driver during transmit operation.
A failure to zero out a buffer before use can lead to an out-of-bounds
write to the current process's stack. This flaw could be exploited by a
local attacker to cause a denial-of-service, or other undefined behavior.
* CVE-2023-3141: Use-after-free in the r592 driver's device removal path.
A race condition can occur when removing an r592 device that can lead to
a use-after-free. This flaw could be exploited by a local attacker to
cause a denial-of-service, or to leak sensitive information from kernel
* CVE-2023-35823: Use-after-free in Philips SAA7134 TV card driver.
Incorrect cleanup logic in the saa7134 driver can cause a use-after-free
when the device is removed. This can allow a user with physical access
to escalate privileges or cause undefined behavior.
* CVE-2022-1015: Out-of-bounds access in the Netfilter subsystem.
Inadequate validation of user register indices in the Netfilter
subsystem could lead to an out-of-bounds access. A local user could use
this flaw to cause a denial-of-service or execute arbitrary code.
* CVE-2022-34918: Privilege escalation in Netfilter subsystem.
A type mismatch flaw in the Netfilter subsystem when adding a new element
to an NFT table could result in a buffer overflow. A local user could use
this flaw to escalate privileges.
* CVE-2023-3268: Out-of-bounds memory access in kernel-userspace relay file support.
An out-of-bounds memory access error exists in the kernel->userspace relay
support. This could allow a local attacker to crash the system or leak
kernel internal information.
* CVE-2022-39189: Privilege escalation in Kernel-based Virtual Machine.
A flaw in KVM instruction emulation could allow unprivileged guest
userspace access to guest kernel memory through stale TLB translations.
An unprivileged guest user could use this flaw to cause a
denial-of-service or gain arbitrary code execution in a guest VM.
* Memory leak in the RDMA resource tracking when deleting an object.
An early return when deleting an object from the RDMA resource tracking
database causes a memory leak of the corresponding task structure. An
attacker could use this flaw to cause a denial-of-service.
Ksplice support is available at email@example.com.