New Ksplice updates for UEKR5 4.14.35 on OL7 (ELSA-2023-12792)
Synopsis: ELSA-2023-12792 can now be patched using Ksplice
CVEs: CVE-2016-5195 CVE-2017-1000253 CVE-2017-11176 CVE-2018-18445 CVE-2019-9213 CVE-2021-22543 CVE-2021-4034 CVE-2023-1206 CVE-2023-3212 CVE-2023-3390 CVE-2023-35001 CVE-2023-3567 CVE-2023-3609 CVE-2023-3611 CVE-2023-3776 CVE-2023-4015 CVE-2023-40283 CVE-2023-4128 CVE-2023-4132
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12792.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-12792.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR5 4.14.35
on OL7 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* KPTI enablement for Ksplice.
* Enable livepatching of jump labels.
* CVE-2023-3567: Use-after-free in Virtual Terminal driver read path.
A logic error in the Virtual Terminal driver's read path can lead to a
use-after-free scenario. This flaw could be exploited by a malicious
local user to cause a denial-of-service, or to leak sensitive
information from kernel memory.
Orabug: 35649492
* CVE-2023-35001: Out-of-bounds memory access in Netfilter nf_tables packet classification framework.
A flaw in netfilter nf_tables when evaluating byteorder expressions may
lead to an out-of-bounds memory read or write. A local user with the
CAP_NET_ADMIN capability could use this flaw to escalate privileges.
* CVE-2023-3212: NULL dereference in GFS2 file system.
On corrupt gfs2 file systems, the evict logic can dereference the journal
descriptor after it has been freed, leading to a NULL pointer dereference. A
local user with privileges can use this flaw to cause denial-of-service.
* CVE-2023-3609: Privilege escalation in U32 network packet classifier.
Incorrect reference counter handling in the network packet scheduler when
classifying using Universal 32-bit comparisons with hashing can lead to
use-after-free. This can allow a local user to trigger privilege escalation.
* CVE-2023-4132: Use-after-free in Siano MDTV receiver driver.
A logic error in the smsusb driver can lead to a use-after-free
scenario. This flaw could be exploited by an unprivileged local
attacker to cause a denial-of-service.
* CVE-2023-3776: Privilege escalation in Netfilter packet marking driver.
A reference counting error in the Netfilter packet marking
implementation can lead to a use-after-free. This flaw could be
leveraged by a local attacker to escalate their privilege.
* CVE-2023-3611: Privilege escalation in QFQ network scheduler.
An arithmetic error in the Quick Fair Queueing network scheduler can
lead to an out-of-bounds write. This flaw can be exploited by a local
attacker to escalate their privilege.
* CVE-2023-4128: Use-after-free when modifying Netfilter U32/route filters.
A logic error when copying an internal memory structure can lead to a
use-after-free when modifying certain Netfilter filters. A local
attacker could exploit this flaw to escalate their privileges.
* CVE-2023-40283: Use-after-free during Bluetooth socket teardown.
An incomplete cleanup operation when tearing down Bluetooth L2CAP
sockets can lead to a use-after-free. This flaw could potentially be
exploited to cause a denial-of-service or other unexpected behavior.
* Note: Oracle will not provide zero-downtime updates for CVE-2023-4015 and CVE-2023-3390.
Oracle has determined that patching both CVE-2023-4015 and CVE-2023-3390
would not be safe. Oracle recommends disabling the ability for
unprivileged users to create netfilter namespaces. This can be
accomplished by running:
sudo sysctl -w kernel.unprivileged_userns_clone=0
* Note: Oracle will not provide a zero-downtime update for CVE-2023-1206.
Oracle has determined that patching CVE-2023-1206 on a running system
would not be safe and recommends a reboot.
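The following host check is an added example, not part of Oracle's advisory or Ksplice tooling. It reads the "autoinstall" setting and the kernel.unprivileged_userns_clone value named above, and reports whether the sysctl is also set persistently, since "sysctl -w" changes only the running kernel. The parsing rules (plain "key = value" lines, "#" comment lines) and the sysctl file locations searched are assumptions.

```shell
#!/bin/sh
# Added example (not Oracle's code). Default paths are the ones named in the
# advisory; pass other paths as arguments to test against sample files.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Assumption: plain "key = value" lines, "#" comment lines, last match wins.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || { echo unreadable; return 0; }
    value=unset
    while IFS='=' read -r key val || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr -d ' \t')
        case $key in
            autoinstall) value=$(printf '%s' "$val" | tr -d ' \t\r') ;;
        esac
    done < "$conf"
    echo "$value"
}

# Report the running kernel's value of the sysctl used as the mitigation.
# "absent" means this kernel does not expose the key at all.
userns_clone_state() {
    f=${1:-/proc/sys/kernel/unprivileged_userns_clone}
    [ -r "$f" ] || { echo absent; return 0; }
    case $(cat "$f") in
        0) echo disabled ;;
        *) echo enabled ;;
    esac
}

# "sysctl -w" is lost at reboot; succeed only if some sysctl file sets the
# key to 0. Limitation: does not resolve conflicts between several files.
userns_clone_persisted() {
    [ $# -gt 0 ] || set -- /etc/sysctl.conf /etc/sysctl.d/*.conf
    grep -Eqs '^[[:space:]]*kernel\.unprivileged_userns_clone[[:space:]]*=[[:space:]]*0[[:space:]]*$' "$@"
}

audit_host() {
    echo "uptrack autoinstall:        $(uptrack_autoinstall)"
    echo "unprivileged_userns_clone:  $(userns_clone_state)"
    if userns_clone_persisted; then
        echo "mitigation persisted:       yes"
    else
        echo "mitigation persisted:       no"
    fi
}

audit_host
```

A result of "enabled" or "mitigation persisted: no" on a host that cannot be rebooted promptly means the workaround for CVE-2023-4015 and CVE-2023-3390 is not in effect or will not survive the next reboot.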
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.
New Ksplice updates for UEKR5 4.14.35 on Oracle Linux 7 are available.