New Ksplice updates for UEKR4 4.1.12 on Oracle Linux 6 and 7 has been released.

El-errata: New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2021-9442)

Synopsis: ELSA-2021-9442 can now be patched using Ksplice
CVEs: CVE-2019-9456 CVE-2019-9458 CVE-2020-0305 CVE-2020-0429 CVE-2020-27068 CVE-2020-28097 CVE-2021-27363 CVE-2021-27364 CVE-2021-34693 CVE-2021-3609

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2021-9442.
More information about this errata can be found at
  https://linux.oracle.com/errata/ELSA-2021-9442.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Deadlock in Xen network backend driver.

Certain operations in the Xen network backend driver while interrupts are
disabled can cause deadlocks. A malicious or buggy frontend can cause a
denial-of-service.

Orabug: 33277550

* CVE-2021-34693: Information leak in CAN BCM message.

The header of a CAN bus BCM message contains uninitialized memory that
is transmitted over the wire. A malicious device might exploit this to
gain information about the running system.

Orabug: 33030701

* CVE-2021-3609: Privilege escalation when registering CAN message receiver.

A race condition exists within the code for handling the registration
for a CAN message receiver via the CAN BCM protocol that results in a
use-after-free. A malicious local user can exploit this flaw to write
to arbitrary memory and escalate their privileges.

Orabug: 33114649

* CVE-2020-0305: Use-after-free when failing to open file on character device.

A mishandled error case when opening a file on a generic character
device might result in a write to an invalid pointer, potentially
resulting in memory corruption or a denial-of-service.

Orabug: 33113412

* CVE-2019-9458: Use-after-free in V4L2 event subscription.

Due to insufficient locking in the V4L2 driver, an event subscription
could be freed while it is still in use. A malicious user could use
this to cause denial of service or potentially elevate privileges.

Orabug: 33113344

* CVE-2020-28097: Out-of-bounds read in the VGA text console subsystem.

Mishandled software scrollback in the VGA text console subsystem can cause
out-of-bounds reads with a potential for denial-of-service or leaking of
privileged data.

Orabug: 33047770

* CVE-2020-27068: Out-of-bounds read in cfg80211 driver.

A missing bounds check in the cfg80211 driver could allow a out-of-bounds read
which could lead to local information disclosure.

Orabug: 33114443

* CVE-2020-0429: Memory corruption in Layer Two Tunneling Protocol.

Use-after-free in l2tp can cause memory corruption leading to local escalation
of privileges.

Orabug: 33113975

* CVE-2019-9456: Out-of-bounds write in USB monitor drivers.

A missing bounds check can lead to an out-of-bounds write in the USB monitoring
code which can lead to local escalation of privilege.

Orabug: 33113260

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.