New Ksplice updates for UEKR7 5.15.0 on Oracle Linux 8 and 9 are available.

New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELBA-2023-12742)

Synopsis: ELBA-2023-12742 can now be patched using Ksplice
CVEs: CVE-2023-1829 CVE-2023-20593 CVE-2023-2124 CVE-2023-21255
CVE-2023-2156 CVE-2023-31084 CVE-2023-3212 CVE-2023-3338 CVE-2023-3389
CVE-2023-3390 CVE-2023-35788 CVE-2023-3609 CVE-2023-3610

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2023-12742.
More information about this errata can be found at
https://linux.oracle.com/errata/ELBA-2023-12742.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Note: Oracle has determined that CVE-2023-21255 is not applicable.

A possible use after free in the binder kernel driver could lead to a
memory corruption. A local attacker could use this flaw to escalate
privileges.

The kernel is not affected by CVE-2023-21255 since the code under
consideration is not compiled.

* CVE-2023-35788: Out-of-bounds memory access in Flower Packet Classifier.

Failure to sanity check packet size in the Flower Packet Classifier when
handling TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets may lead to an
out-of-bounds memory write. A malicious remote user could use this flaw
to cause a denial-of-service or escalate privileges.

* CVE-2023-31084: Potential deadlock during DVB driver event processing.

An incorrect use of a semaphore can potentially cause a deadlock in the
DVB core driver. This flaw could be exploited by an unprivileged local
attacker to cause a denial-of-service.

* CVE-2023-2124: Denial-of-service in XFS file system during image
restoration.

Insufficient checks in XFS during image restoration after a failure
with a dirty log journal can lead to out-of-bounds memory access flaw.
A local attacker can use this flaw to cause denial-of-service or to
escalate their privileges.

* CVE-2023-3389: Use-after-free in io_uring.

A race-condition in io_uring when canceling a poll request with a
linked timeout may lead to a use-after-free. An attacker could use this
flaw for a denial-of-service or escalate privileges.

* CVE-2023-3390: Use-after-free in Netfilter nf_tables packet
classification framework.

Incorrect error path handling with NFT_MSG_NEWRULE in the Netfilter
nf_tables packet classification framework can lead to a use-after-free.
This can allow a local unprivileged user to perform arbitrary access to
kernel memory and escalate privileges.

* CVE-2023-3212: NULL dereference in GFS2 file system.

On corrupt gfs2 file systems, the evict logic can dereference the journal
descriptor after it has been freed, leading to a NULL pointer dereference. A
local user with privileges can use this flaw to cause denial-of-service.

* CVE-2023-2156: Insufficient input validation in IPv6 RPL Source Routing.

Insufficient input validation in IPv6 RPL Source Routing can lead to an
assertion failure. This can allow a remote unauthenticated attacker to
create a denial-of-service.

* Note: Oracle has determined that CVE-2023-3338 is not applicable.

A null pointer dereference in the DECnet networking protocol can allow a
remote user to crash the system.

The kernel is not affected by CVE-2023-3338 since the code under
consideration is not compiled.

* CVE-2023-3609: Privilege escalation in U32 network packet classifier.

Incorrect reference counter handling in the network packet scheduler when
classifying using Universal 32-bit comparisons with hashing can lead to
use-after-free. This can allow a local user to trigger privilege escalation.

* Note: Oracle will not provide a zero-downtime update for CVE-2023-3610.

Oracle has determined that patching CVE-2023-3610 on a running system would
not be safe and recommends a reboot.

* Enable late microcode loading.

Updated microcode may be required to mitigate certain vulnerabilities, e.g.
Zenbleed (CVE-2023-20593).

To load the microcode if the updated firmware is already installed, run:
echo 1 > /sys/devices/system/cpu/microcode/reload

Orabug: 35724475

* CVE-2023-1829: Use-after-free in traffic control index filter.

A flaw in tcindex when deactivating filters can lead to a double-free. A
local attacker could use this flaw to cause a denial-of-service or
elevate privileges on the system.

Orabug: 35642167, 35724477

* Note: Oracle will not provide a zero-downtime fix for CVE-2023-20593.

The optimal fix for this CVE on systems running UEKR7 is a microcode
update for affected CPUs. Customers will need to upgrade the microcode
on affected CPUs in order to mitigate this vulnerability.

To load the microcode if the updated firmware is already installed, run:
echo 1 > /sys/devices/system/cpu/microcode/reload

Orabug: 35724473

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.