New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELBA-2023-12740)
Synopsis: ELBA-2023-12740 can now be patched using Ksplice
CVEs: CVE-2023-1829 CVE-2023-2124 CVE-2023-31084 CVE-2023-3111 CVE-2023-35788 CVE-2023-3609
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Bug Fix Advisory, ELBA-2023-12740.
More information about this errata can be found at
https://linux.oracle.com/errata/ELBA-2023-12740.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* Denial-of-service on KVM SVM guests when writing MSRs.
New AMD microcode allows an extra bit in an MSR to be written. A guest
running on an AMD processor should be able to write to that bit without
being killed.
* CVE-2023-35788: Out-of-bounds memory access in Flower Packet Classifier.
Failure to sanity check packet size in the Flower Packet Classifier when
handling TCA_FLOWER_KEY_ENC_OPTS_GENEVE packets may lead to an
out-of-bounds memory write. A malicious remote user could use this flaw
to cause a denial-of-service or escalate privileges.
* CVE-2023-31084: Potential deadlock during DVB driver event processing.
An incorrect use of a semaphore can potentially cause a deadlock in the
DVB core driver. This flaw could be exploited by an unprivileged local
attacker to cause a denial-of-service.
* CVE-2023-3111: Use-after-free in the Btrfs filesystem when a transaction fails.
Incorrect error handling logic in the Btrfs filesystem when a
transaction fails could lead to a use-after-free. An attacker could use
this flaw to cause a denial-of-service or potentially escalate their
privileges.
* CVE-2023-2124: Denial-of-service in XFS file system during image restoration.
Insufficient checks in XFS during image restoration after a failure
with a dirty log journal can lead to an out-of-bounds memory access.
A local attacker can use this flaw to cause denial-of-service or to
escalate their privileges.
* CVE-2023-3609: Privilege escalation in U32 network packet classifier.
Incorrect reference counter handling in the network packet scheduler when
classifying using Universal 32-bit comparisons with hashing can lead to
use-after-free. This can allow a local user to trigger privilege escalation.
* CVE-2023-1829: Use-after-free in traffic control index filter.
A flaw in tcindex when deactivating filters can lead to a double-free. A
local attacker could use this flaw to cause a denial-of-service or
elevate privileges on the system.
This update prevents the cls_tcindex module from being loaded. In order
to force the module to load, the parameter 'force=1' can be passed in at
module load time. For example:
modprobe cls_tcindex force=1
Orabug: 35724249, 35616810
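The following shell functions are an added example, not part of Oracle's advisory or tooling. They check the two host settings this advisory mentions: whether "autoinstall = yes" is active in uptrack.conf, and whether cls_tcindex is loaded or has had 'force=1' persisted. Storing the override as an "options" line under /etc/modprobe.d is an assumption, as are the function names.

```shell
#!/bin/sh
# Added example (not Oracle's code): checks for the two settings named above.
# Paths are parameters so the functions can be exercised on constructed files.

# Exit 0 if the given uptrack.conf contains an uncommented "autoinstall = yes".
autoinstall_enabled() {
    [ -r "$1" ] || return 2
    sed 's/#.*$//' "$1" |
        grep -Eiq '^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*yes[[:space:]]*$'
}

# Exit 0 if cls_tcindex appears in a /proc/modules-format listing.
tcindex_loaded() {
    grep -q '^cls_tcindex ' "$1"
}

# Print modprobe.d files that persist force=1 for cls_tcindex.
# Assumption: a persistent override is written as an "options" line.
tcindex_force_overrides() {
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        if sed 's/#.*$//' "$f" | grep -Eq \
            '^[[:space:]]*options[[:space:]]+cls[-_]tcindex[[:space:]]+(.*[[:space:]])?force=1([[:space:]]|$)'
        then
            printf '%s\n' "$f"
        fi
    done
}

# Report for one host; defaults are the live system paths.
audit_host() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    mods="${2:-/proc/modules}"
    mpdir="${3:-/etc/modprobe.d}"
    if autoinstall_enabled "$conf"; then
        echo "autoinstall: yes, updates install without action"
    else
        echo "autoinstall: not set to yes, run uptrack-upgrade manually"
    fi
    if tcindex_loaded "$mods"; then
        echo "cls_tcindex: currently loaded"
    else
        echo "cls_tcindex: not loaded"
    fi
    overrides=$(tcindex_force_overrides "$mpdir")
    [ -z "$overrides" ] || printf 'force=1 persisted in: %s\n' "$overrides"
}
```

Source the file and call audit_host with no arguments to inspect the live system paths.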
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.
New Ksplice updates for UEKR6 5.4.17 on Oracle Linux 7 and 8 are available.