New Ksplice updates for UEKR7 5.15.0 on OL8 and OL9 (ELSA-2023-12858)
Synopsis: ELSA-2023-12858 can now be patched using Ksplice CVEs:
CVE-2023-1989 CVE-2023-20588 CVE-2023-3772 CVE-2023-3773 CVE-2023-39194
CVE-2023-40283 CVE-2023-4128 CVE-2023-4194 CVE-2023-4273 CVE-2023-4569
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12858.
More information about this errata can be found at
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR7 5.15.0 on
OL8 and OL9 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
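To confirm after patching that every CVE listed in this advisory is actually covered, the following added example (not part of the Ksplice advisory or of Oracle's tooling) compares the advisory's CVE list against the output of `uptrack-show` and reports what is still missing. It assumes `uptrack-show` prints one installed update per line containing the CVE id followed by a colon; the sample output embedded below is constructed for offline use, and the script falls back to it when `uptrack-show` is not installed.

```shell
#!/bin/sh
# Added example: check which CVEs from ELSA-2023-12858 are covered by the
# installed Ksplice updates. Not part of the advisory or of Ksplice itself.

# CVE list taken from the advisory synopsis.
ADVISORY_CVES="CVE-2023-1989 CVE-2023-20588 CVE-2023-3772 CVE-2023-3773 \
CVE-2023-39194 CVE-2023-40283 CVE-2023-4128 CVE-2023-4194 CVE-2023-4273 CVE-2023-4569"

# Constructed sample standing in for `uptrack-show` output (assumed format:
# one "[id] CVE-...: description" line per installed update). Three of the
# ten advisory CVEs are present, so seven should be reported as missing.
SAMPLE_SHOW='Installed updates:
[abcd1234] CVE-2023-4128: Use-after-free when modifying Netfilter U32/route filters.
[abcd1235] CVE-2023-4194: Permission bypass when using TUN/TAP device driver.
[abcd1236] CVE-2023-40283: Use-after-free during Bluetooth socket teardown.'

# missing_cves <show-output>: print advisory CVEs absent from the output.
missing_cves() {
    show_output=$1
    for cve in $ADVISORY_CVES; do
        # Anchor on the trailing ':' so CVE-2023-4128 cannot match CVE-2023-41280.
        if ! printf '%s\n' "$show_output" | grep -q "${cve}:"; then
            echo "$cve"
        fi
    done
}

# autoinstall_enabled <conf-file>: succeed if "autoinstall = yes" is set.
autoinstall_enabled() {
    grep -Eq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes' "$1" 2>/dev/null
}

main() {
    if [ -x /usr/sbin/uptrack-show ]; then
        show_output=$(/usr/sbin/uptrack-show 2>/dev/null)
    else
        show_output=$SAMPLE_SHOW   # offline fallback to the constructed sample
    fi
    missing=$(missing_cves "$show_output")
    if [ -z "$missing" ]; then
        echo "All ELSA-2023-12858 CVEs are patched by Ksplice."
        return 0
    fi
    echo "Not yet patched:"; echo "$missing"
    if autoinstall_enabled /etc/uptrack/uptrack.conf; then
        echo "autoinstall is enabled; Uptrack will apply them automatically."
    else
        echo "Apply them with: /usr/sbin/uptrack-upgrade -y"
    fi
}

main || :   # keep the exit status of the report from aborting a calling script
```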
* CVE-2023-4911: Buffer overflow in the GNU C Library's dynamic loader while processing environment variables.
Incorrect processing of environment variables in the GNU C Library's
dynamic loader ld.so can result in buffer overflow. This flaw could
allow a local attacker to elevate their privileges when launching
binaries with SUID permission.
* CVE-2023-4128: Use-after-free when modifying Netfilter U32/route filters.
A logic error when copying an internal memory structure can lead to a
use-after-free when modifying certain Netfilter filters. A local
attacker could exploit this flaw to escalate their privileges.
* CVE-2023-4194: Permission bypass when using TUN/TAP device driver.
Usage of an incorrect permission attribute when opening a TAP or TUN
device could lead to a permission bypass. A local attacker could use
this flaw to bypass network filters and gain unauthorized access.
Note: this update improves the fix for CVE-2023-1076, which was
* CVE-2023-40283: Use-after-free during Bluetooth socket teardown.
An incomplete cleanup operation when tearing down Bluetooth L2CAP
sockets can lead to a use-after-free. This flaw could potentially be
exploited to cause a denial-of-service or other unexpected behavior.
* CVE-2023-39194: Information disclosure when using the xfrm subsystem.
A missing check when using the xfrm subsystem could lead to an out-of-bounds
access. A local user could use this flaw to leak sensitive information.
* CVE-2023-3772: Denial-of-service in the IP framework for transforming packets.
A missing check in the IP framework for transforming packets could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.
* CVE-2023-4569: Denial-of-service in netfilter nf_tables.
Incorrectly disabled catch-all set elements may result in a memory leak.
An attacker could use this flaw to exhaust the system's memory and
eventually cause a denial-of-service.
* CVE-2023-4273: Out-of-bounds memory access in exFAT.
Improper bounds checking in the exFAT driver when extracting the uni name
of a file from the directory index could lead to a stack overflow. A
local privileged attacker could use this flaw to execute arbitrary code
on the system.
* CVE-2023-20588: Information disclosure on AMD CPUs.
A hardware flaw on some AMD processors when handling division-by-zero
errors may result in speculative data exposure. An attacker could use this
flaw to access sensitive information.
* CVE-2023-3773: Information leak in the networking transformation sub-system.
A missing type description in the networking transformation code could lead
to reading four uninitialized bytes. A local attacker could use this flaw
to leak memory from the kernel heap.
* CVE-2023-4622: Use-after-free when sending data through Unix sockets.
A locking error when sending data through a Unix socket that is
concurrently being pruned from garbage-collected file descriptors could
lead to a use-after-free. A local, unprivileged user could use this flaw
to cause a denial-of-service or escalate their privileges.
* CVE-2023-1989: Denial-of-service when unloading the Bluetooth SDIO driver.
A missing clean-up routine to cancel a timer when removing the Bluetooth SDIO
driver could lead to a use-after-free. A local, privileged user could use this
flaw to cause a denial-of-service.
Ksplice support is available at firstname.lastname@example.org.
New Ksplice updates for UEKR7 5.15.0 on Oracle Linux 8 and 9 are available.