New Ksplice updates for RHCK 8 (ELSA-2023-5244)
Synopsis: ELSA-2023-5244 can now be patched using Ksplice
CVEs: CVE-2023-2002 CVE-2023-3090 CVE-2023-35001 CVE-2023-35788 CVE-2023-3776 CVE-2023-4004
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-5244.
More information about this erratum can be found at
https://linux.oracle.com/errata/ELSA-2023-5244.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running RHCK 8 install
these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
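To confirm which of the two cases above applies to a host, the following added example (not part of the Oracle advisory or of Ksplice itself) reads the autoinstall setting and reports whether the manual command is needed. It assumes uptrack.conf is INI-style with autoinstall in a [Settings] section; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's tooling. Assumption: uptrack.conf is INI-style and
# "autoinstall" sits in its [Settings] section; the last uncommented value wins.

# Print the effective autoinstall value ("unset" if absent) from file $1.
autoinstall_value() {
    awk '
        /^[ \t]*[#;]/ { next }                      # ignore commented-out lines
        /^[ \t]*\[/   { in_settings = ($0 ~ /^[ \t]*\[Settings\]/); next }
        in_settings && /^[ \t]*autoinstall[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)             # strip "autoinstall ="
            sub(/[ \t\r]+$/, "", v)                 # strip trailing blanks / CR
            val = tolower(v)
        }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# Exit 0 only for the literal "yes" the advisory names.
autoinstall_enabled() {
    [ "$(autoinstall_value "$1")" = "yes" ]
}

# Say whether the host needs the manual command from the advisory.
check_host() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    if autoinstall_enabled "$conf"; then
        echo "$conf: autoinstall = yes, updates install automatically"
    else
        echo "$conf: autoinstall is $(autoinstall_value "$conf"), run: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config: the only "yes" is in a comment, so this host
# still needs the manual upgrade.
sample_conf() {
    cat <<'EOF'
[Auth]
accesskey = PLACEHOLDER
[Settings]
# autoinstall = yes
autoinstall = no
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && check_host "$tmp"
rm -f "$tmp"
```

On a real system, call check_host with no argument to read /etc/uptrack/uptrack.conf.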
DESCRIPTION
* CVE-2023-35788: Out-of-bounds memory access in Flower Packet Classifier.
Failure to sanity check packet size in the Flower Packet Classifier when
handling TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets may lead to an
out-of-bounds memory write. A malicious remote user could use this flaw
to cause a denial-of-service or escalate privileges.
* CVE-2023-35001: Out-of-bounds memory access in Netfilter nf_tables packet classification framework.
A flaw in netfilter nf_tables when evaluating byteorder expressions may
lead to an out-of-bounds memory read or write. A local user with the
CAP_NET_ADMIN capability could use this flaw to escalate privileges.
* CVE-2023-4004: Privilege escalation in netfilter PIPAPO.
A use-after-free when removing a policy from the netfilter Pile Packet
Policies subsystem might result in a denial-of-service or arbitrary code
execution.
* CVE-2023-3776: Use-after-free in netfilter classifier due to refcount error.
Incorrect refcounting in the netfilter classifier might result in
use-after-free, potentially allowing an attacker to cause a
denial-of-service.
* CVE-2023-3090: Stack overflow in ipvlan driver during transmit operation.
A failure to zero out a buffer before use can lead to an out-of-bounds
write to the current process's stack. This flaw could be exploited by a
local attacker to cause a denial of service, or other undefined behavior.
* CVE-2023-2002: Insufficient capability check in the Bluetooth HCI sockets subsystem.
An insufficient capability check in the Bluetooth HCI sockets subsystem can
allow an unprivileged program to mark a socket as trusted. This can allow
escalation of privileges, denial-of-service and information leak.
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.
New Ksplice updates for RHCK 8 have been released.