New Ksplice updates for UEKR6 5.4.17 on Oracle Linux 7 and 8 has been released.

El-errata: New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2021-9007)

Synopsis: ELSA-2021-9007 can now be patched using Ksplice CVEs:
CVE-2020-14351 CVE-2020-14381 CVE-2020-25705 CVE-2020-28374 CVE-2020-29568
CVE-2020-29569

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2021-9007. More
information about this errata can be found at
  https://linux.oracle.com/errata/ELSA-2021-9007.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2020-28374: Access control bypass when reading or writing TCM devices.

Lack of validation against the session's list when matching a Target Core
Mod (TCM) device during an eXtended COPY (XCOPY) operation leads to access
control bypass. Attackers with access to one device could read and write
from/to other devices they should not have access to.

Orabug: 32248032

* Note: Oracle will not be providing a rebootless update for CVE-2020-29568.

Oracle has determined that patching this vulnerability live on a running system
would not be safe and is recommending to reboot the vulnerable hosts.

Orabug: 32253412

* CVE-2020-25705: ICMP rate-limiter can indirectly leak UDP port information.

The predictability of the rate at which ICMP messages are rate-limited
can be used by attackers to effectively scan for open UDP ports on a
remote system.

* CVE-2020-14351: Privilege escalation in perf subsystem due to use-after-free.

A flaw in the perf subsystem could lead to a use-after-free memory
error. This flaw could allow a local attacker with permission to monitor
perf events to corrupt memory and possibly escalate privileges.

* CVE-2020-29569: Use-after-free when disconnecting Xen block devices.

A logic error when disconnecting Xen block devices may cause a use-after-free.
A rouge guest instance may be able to use this to cause a Denial-of-Service
on dom0.

Orabug: 32260256

* Note: Oracle will not provide a live update for CVE-2020-14381.

Oracle has determined that patching this vulnerability live on a running
system would not be safe and is recommending to reboot the affected hosts.
The vulnerability applies to hosts with untrusted users being able to
create futexes on a filesystem that is about to be unmounted, and as such
requires a privileged user to unmount the filesystem at the right time to
be leveraged.

Orabug: 32233515

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.