El-errata: New Ksplice updates for RHCK 7 (ELSA-2022-0620)

Synopsis: ELSA-2022-0620 can now be patched using Ksplice
CVEs: CVE-2020-0465 CVE-2020-0466 CVE-2021-0920 CVE-2021-3564 CVE-2021-3573 CVE-2021-3752 CVE-2021-4034 CVE-2021-4155 CVE-2022-0330 CVE-2022-22942

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2022-0620.
More information about this errata can be found at
  https://linux.oracle.com/errata/ELSA-2022-0620.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 7 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2021-4034: Privilege escalation in pkexec.

Incorrect input validation in the pkexec program (part of Polkit) allows
any local user to become root.

* CVE-2021-4155: Data leak in XFS filesystem.

The XFS filesystem does not correctly initialize certain data blocks. This
could allow data leaks to unprivileged users.

* CVE-2021-3573: Code execution in the bluetooth subsystem due to use-after-free.

Improper handling of HCI device detach events in the bluetooth subsystem
could leading to a use-after-free. A local user could use this flaw to
cause a denial of service or possibly execute arbitrary code.

* CVE-2020-0465: Out-of-bounds writes in the USB HID stack.

Lack of untrusted input validation in the USB HID stack could lead to an
out-of-bounds memory write. Untrusted HID devices could use this flaw to
cause a denial-of-service or potentially get kernel execution.

* CVE-2021-3564: Denial-of-service in bluetooth subsystem.

An ordering issue whilst handling data flushes may lead to a
double-free. This could allow a local attacker to cause a
denial-of-service.

* CVE-2021-0920: Privilege escalation in BSD Unix domain sockets.

Lack of synchonization in BSD Unix domain sockets module could result
in a use after free error. A local user could use this flaw to cause
denial-of-service or priviledges escalation.

* CVE-2020-0466: Use-after-free when creating a new epoll instance.

Lack of reference counting on underlying files used by the epoll subsystem
could lead to a use-after-free if the files are concurrently removed. An
unprivileged user could use this flaw to cause a denial-of-service or
potentially escalate privileges.

* CVE-2022-22942: Use-after-free in VMware Virtual GPU driver.

Improper error handling flaw in VMware Virtual GPU driver could lead
to a stale entry to be left in the file descriptor table resulting in
use-after-free. Unprivileged, local users could use this flaw in order
to gain access to files opened by other processes on the system through
a dangling file pointer and cause information disclosure or privilege
escalation.

* CVE-2021-3752: Use-after-free in the Bluetooth subsystem.

A use-after-free exists in the Bluetooth subsystem in the way a user connects
and disconnects from a socket. A local unprivileged user could use this flaw
to cause a denial-of-service or potentially escalate privileges.

* Note: Oracle will not provide a zero-downtime update for CVE-2022-0330.

Oracle has determined that patching CVE-2022-0330 on a running system would not
be safe. The issue occurs only if a local user has privileges to access the
i915 Intel GPU and the user is running malicious code on it. Oracle recommends
a reboot to mitigate these issues if the host is affected.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.