New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2023-12782)
Synopsis: ELSA-2023-12782 can now be patched using Ksplice
CVEs: CVE-2022-40982 CVE-2022-47946 CVE-2023-3212 CVE-2023-3390 CVE-2023-35001 CVE-2023-3776 CVE-2023-3863 CVE-2023-4132
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12782.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-12782.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2023-3212: NULL dereference in GFS2 file system.
On corrupt gfs2 file systems, the evict logic can dereference the journal
descriptor after it has been freed, leading to a NULL pointer dereference. A
local user with privileges can use this flaw to cause denial-of-service.
* CVE-2023-4132: Use-after-free in Siano MDTV reciever driver.
A logic error in the smsusb driver can lead to a use-after-free
scenario. This flaw could be exploited by an unprivileged local
attacker to cause a denial-of-service.
* CVE-2023-3390: Use-after-free in Netfilter nf_tables packet classification framework.
Incorrect error path handling with NFT_MSG_NEWRULE in the Netfilter
nf_tables packet classification framework can lead to a use-after-free.
This can allow a local unprivileged user to perform arbitrary access to
kernel memory and escalate privileges.
* CVE-2023-35001: Out-of-bounds memory access in Netfilter nf_tables packet classification framework.
A flaw in netfilter nf_tables when evaluating byteorder expressions may
lead to an out-of-bounds memory read or write. A local user with the
CAP_NET_ADMIN capability could use this flaw to escalate privileges.
* CVE-2023-3776: Use-after-free in netfilter classifier due to refcount error.
Incorrect refcounting in the netfilter classifier might result in
use-after-free, potentially allowing an attacker to cause a
denial-of-service.
* CVE-2022-47946: Privilege escalation when waiting in io_uring subsystem.
A logic error when using IORING_ENTER_SQ_WAIT option of io_uring could
lead to a use-after-free. A local attacker with system execution
privileges could use this flaw to escalate privileges.
Orabug: 35495339
* Add possibility to disable usage of io_uring subsystem.
io_uring subsystem has many security issues with some of it being
impossible to live patch. Thus, Oracle decided to add a way for customer
not using io_uring to disable it for unprivileged user by using
/proc/sys/kernel/io_uring_disabled knob.
Note that io_uring is disabled by default for unprivileged users.
This is the solution proposed by Oracle for CVE-2022-2327,
CVE-2023-3389 and CVE-2023-1295.
* Note: Oracle will not provide a zero-downtime update for CVE-2022-40982.
The fix for this CVE on systems running Oracle UEK6 is a microcode
update for affected CPUs. Customers will need to upgrade the microcode
on affected CPUs in order to mitigate this vulnerability.
Orabug: 35714800
* Note: Oracle has determined that CVE-2023-3863 is not applicable.
A use-after-free in NFC subsystem could allow a local attacker to leak
information about the running kernel.
The kernel is not affected by CVE-2023-3863 since the code under
consideration is not compiled.
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.
New Ksplice updates for UEKR6 5.4.17 on Oracle Linux 7 and 8 are available.
