New Ksplice updates for UEKR4 4.1.12 on OL6 and OL7 (ELSA-2023-12842)
Synopsis: ELSA-2023-12842 can now be patched using Ksplice
CVEs: CVE-2022-34918 CVE-2023-2513 CVE-2023-35001 CVE-2023-3611 CVE-2023-3772 CVE-2023-3776 CVE-2023-4206 CVE-2023-4387 CVE-2023-4459
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12842.
More information about this erratum can be found at
https://linux.oracle.com/errata/ELSA-2023-12842.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR4 4.1.12 on
OL6 and OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
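
As an added example (not part of Oracle's advisory or of Ksplice itself), the following script reports whether a host will receive these updates automatically or needs the manual command above. It assumes uptrack.conf uses "key = value" lines with "#" comments; the function names and the sample config, including its [Settings] header, are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle's code.
# Assumptions: uptrack.conf holds "key = value" lines with "#" comments,
# the last assignment wins, and only "yes" (any case) enables autoinstall.

# Print the effective autoinstall value: "no" if the key is unset,
# "unreadable" if the file cannot be read.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    # Drop comments first so a commented-out "autoinstall = yes" is ignored.
    sed -e 's/#.*$//' "$conf" |
        awk -F= 'tolower($1) ~ /^[ \t]*autoinstall[ \t]*$/ {
                     v = tolower($2); gsub(/[ \t\r]/, "", v); last = v }
                 END { print (last == "" ? "no" : last) }'
}

# Map the setting to the action this advisory asks for.
uptrack_action() {
    case $(uptrack_autoinstall "$1") in
        yes)        echo "auto: updates install without operator action" ;;
        unreadable) echo "unknown: cannot read the Uptrack config" ;;
        *)          echo "manual: run /usr/sbin/uptrack-upgrade -y as root" ;;
    esac
}

# Constructed sample config (not taken from a real host): the enabled
# line is commented out and the live line disables autoinstall.
sample=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' \
    'Autoinstall = no  # pinned' > "$sample"
uptrack_action "$sample"
rm -f "$sample"
```

Called with no argument, uptrack_action reads /etc/uptrack/uptrack.conf on the local host.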

DESCRIPTION

* CVE-2022-34918: Privilege escalation in Netfilter subsystem.
A type mismatch flaw in the Netfilter subsystem when adding a new element
to an NFT table could result in a buffer overflow. A local user could use this
flaw to escalate privileges.
Orabug: 34362008
* CVE-2023-2513: Use-after-free during ext4 extended attribute operations.
A logic error when setting certain extended attributes on an ext4
filesystem can result in a use-after-free scenario. This flaw could be
exploited by a malicious local attacker to cause a denial-of-service or
to aid in another type of attack.
Orabug: 35382025
* CVE-2023-35001: Out-of-bounds memory access in Netfilter nf_tables packet classification framework.
A flaw in netfilter nf_tables when evaluating byteorder expressions may
lead to an out-of-bounds memory read or write. A local user with the
CAP_NET_ADMIN capability could use this flaw to escalate privileges.
Orabug: 35609787
* CVE-2023-3776: Use-after-free in netfilter classifier due to refcount error.
Incorrect refcounting in the netfilter classifier might result in
use-after-free, potentially allowing an attacker to cause a
denial-of-service.
Orabug: 35636313
* CVE-2023-4387: Information leak in VMware's vmxnet3 ethernet NIC driver.
A missing reset of a pointer when using VMware's vmxnet3 ethernet NIC
driver could lead to a use-after-free. A local attacker could use this
flaw to cause a denial-of-service or leak sensitive information.
Orabug: 35732764
* CVE-2023-4459: Denial-of-service in VMware's vmxnet3 ethernet NIC driver.
A missing check in VMware's vmxnet3 ethernet NIC driver could lead to a
NULL pointer dereference. A local attacker could use this flaw to cause
a denial-of-service.
Orabug: 35732892
* CVE-2023-3772: Denial-of-service in the IP framework for transforming packets.
A missing check in the IP framework for transforming packets could lead
to a NULL pointer dereference. A local attacker could use this flaw to
cause a denial-of-service.
Orabug: 35754509
* CVE-2023-3611: Privilege escalation in QFQ network scheduler.
An arithmetic error in the Quick Fair Queueing network scheduler can
lead to an out-of-bounds write. This flaw can be exploited by a local
attacker to escalate their privilege.
Orabug: 35636291
* CVE-2023-4206: Use-after-free when modifying Netfilter U32/route filters.
A logic error when copying an internal memory structure can lead to a
use-after-free when modifying certain Netfilter filters. A local
attacker could exploit this flaw to escalate their privileges.
Orabug: 35814273

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.