New Ksplice updates for UEKR7 5.15.0 on Oracle Linux 8 and 9 are available.

New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELBA-2023-12794)

Synopsis: ELBA-2023-12794 can now be patched using Ksplice
CVEs: CVE-2022-0185 CVE-2022-0847 CVE-2022-40982 CVE-2022-48502
CVE-2023-21400 CVE-2023-22024 CVE-2023-31248 CVE-2023-34319
CVE-2023-35001 CVE-2023-3611 CVE-2023-3776 CVE-2023-3777 CVE-2023-3863
CVE-2023-3995 CVE-2023-4004 CVE-2023-4015 CVE-2023-4132

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2023-12794.
More information about this errata can be found at
https://linux.oracle.com/errata/ELBA-2023-12794.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2023-22024: Permission bypass in Reliable Datagram Sockets.

A locking error in the Reliable Datagram Sockets protocol could lead to an
out-of-bounds access. A local attacker could use this flaw to escalate
privilege.

Orabug: 35713695

* Note: Oracle has determined that CVE-2023-3863 is not applicable.

A use-after-free in NFC subsystem could allow a local attacker to leak
information about the running kernel.
The kernel is not affected by CVE-2023-3863 since the code under
consideration is not compiled.

* CVE-2023-21400: Privilege escalation in io_uring due to improper locking.

Missing locking when queueing io_uring functions might result in kernel
memory corruption. This can be exploited to execute arbitrary code in
the kernel.

* CVE-2023-4132: Use-after-free in Siano MDTV receiver driver.

A logic error in the smsusb driver can lead to a use-after-free
scenario. This flaw could be exploited by an unprivileged local
attacker to cause a denial-of-service.

* CVE-2023-31248: Use-after-free in Netfilter nf_tables packet
classification framework.

A missing sanity check in netfilter nf_tables when looking up a deleted
chain by its ID may lead to a use-after-free. A local user with the
CAP_NET_ADMIN capability could use this flaw to escalate privileges.

* CVE-2023-35001: Out-of-bounds memory access in Netfilter nf_tables
packet classification framework.

A flaw in netfilter nf_tables when evaluating byteorder expressions may
lead to an out-of-bounds memory read or write. A local user with the
CAP_NET_ADMIN capability could use this flaw to escalate privileges.

* CVE-2023-3776: Use-after-free in netfilter classifier due to refcount
error.

Incorrect refcounting in the netfilter classifier might result in
use-after-free, potentially allowing an attacker to cause a
denial-of-service.

* CVE-2023-3611: Privilege escalation in QFQ scheduler.

A buffer overrun when configuring the Quick Fair Queue scheduler might
allow a user to overwrite kernel memory, potentially allowing them to
execute arbitrary code.

* Note: Oracle has determined that CVE-2022-48502 is not applicable.

Missing correctness checks in NTFS3 while reading from disk may lead to
an out-of-bounds memory read. An attacker with physical access to an
NTFS3 volume attached to the system may use this flaw for a
denial-of-service or disclosure of sensitive information.

The kernel is not affected by CVE-2022-48502 since the code under
consideration is not compiled.

* CVE-2023-4004: Privilege escalation in netfilter PIPAPO.

A use-after-free when removing a policy from the netfilter Pile Packet
Policies subsystem might result in a denial-of-service or arbitrary code
execution.

* CVE-2023-3777: Denial-of-service when flushing netfilter rules tables.

When flushing netfilter rules, bound rule chains are erroneously freed.
A malicious user might exploit this to crash the kernel and cause a
denial-of-service.

* CVE-2023-3995: Netfilter rule chain addition causes DoS.

Missing validation when adding a rule to a bound netfilter rule chain
via NFTA_RULE_CHAIN_ID might result in an invalid operation and system
crash. A malicious user might exploit this to cause a denial-of-service.

* Note: Oracle will not provide a zero-downtime update for CVE-2022-40982.

The fix for this CVE on systems running Oracle UEK7 is a microcode
update for affected CPUs. Customers will need to upgrade the microcode
on affected CPUs in order to mitigate this vulnerability.

* CVE-2023-34319, XSA-432: Buffer overflow in Xen netback driver.

Incorrect logic in the Xen netback driver while handling packets can
lead to a
buffer overflow. An unprivileged guest can cause Denial-of-Service of
the host
network.

* CVE-2023-4015: Use-after-free in Netfilter nf_tables.

Incorrect cleanup in the error path when building Netfilter nf_tables rules
can lead to use-after-free. A local user could use this flaw for
denial-of-service or code execution.

* Updated known exploit detection for CVE-2022-0847.

This update adds known exploit detection for CVE-2022-0847 which has a
public exploit.

* Improved Known exploit detection for CVE-2022-0185.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.