El-errata: New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2022-9264)
Synopsis: ELSA-2022-9264 can now be patched using Ksplice
CVEs: CVE-2020-36516 CVE-2022-0617 CVE-2022-1016 CVE-2022-1158 CVE-2022-22942 CVE-2022-24448 CVE-2022-26966
Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2022-9264.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2022-9264.html
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
DESCRIPTION
* CVE-2022-1158: Use-after-free in the KVM subsystem.
A flaw in the KVM subsystem may allow a guest virtual machine to
trigger a use-after-free exception. This may lead to denial-of-service
and possible loss of system confidentiality.
Orabug: 34023597
* CVE-2022-24448: Information leak when NFSv4 directory lookup fails.
If an open is performed with O_DIRECTORY on a regular file mounted over
NFSv4, the returned file descriptor will be uninitialized, potentially
leaking sensitive kernel information.
Orabug: 33958154
* CVE-2022-22942: Use-after-free in VMware Virtual GPU driver.
Improper error handling flaw in VMware Virtual GPU driver could lead
to a stale entry to be left in the file descriptor table resulting in
use-after-free. Unprivileged, local users could use this flaw in order
to gain access to files opened by other processes on the system through
a dangling file pointer and cause information disclosure or privilege
escalation.
Orabug: 33840432
* CVE-2022-0617: NULL-pointer dereference when processing UDF metadata.
When converting a UDF filesystem control block to its expanded form, an
invalid block could result in a NULL callback being invoked, resulting
in a system crash. A malicious user or filesystem image might exploit
this to cause a denial-of-service.
Orabug: 33870266
* CVE-2022-26966: Information disclosure in CoreChip SR9700 USB 10/100 Ethernet adapter.
A missing sanity check flaw in CoreChip SR9700 USB 10/100 Ethernet
adapter could result in sensitive information leaking from heap memory
to user space. A local user could use this flaw for information
disclosure.
Orabug: 33962705
* Don't flush cache if hardware enforces cache coherency across encryption domains.
In some hardware implementations, coherency between the encrypted and
unencrypted mappings of the same physical page in a VM is enforced. In
such a system, it is not required for software to flush the VM's page
from all CPU caches in the system prior to changing the value of the
C-bit for the page.
Orabug: 33921125
* CVE-2020-36516: Multiple vulnerabilities in TCP/IP protocol.
The mixed IPID assignment method with the hash-based IPID assignment
policy could allow an attacker to perform a Man-in-the-Middle Attack.
A remote attacker could use this flaw to pretend to be the sender of
the TCP/IP packet for an existing TCP/IP session and inject data into
the TCP session or terminate that session.
Orabug: 33917056
* Reinitialize logbuf lock if CPU is halted while holding the lock.
If a CPU is halted while holding logbuf_lock, then subsequent printk()
operations on the panic CPU will deadlock. Add a helper to reinitialize
the logbuf locks and do this before calling panic notifiers, to reduce
the chance of a deadlock.
Orabug: 33740420
* CVE-2022-1016: Information leak in the netfilter subsystem.
A flaw in the netfilter subsystem result in a use-after-free. This may
allow a local unprivileged user to cause an information leak, resulting
in loss of system confidentiality.
Orabug: 34035701
SUPPORT
Ksplice support is available at ksplice-support_ww@oracle.com.
New Ksplice updates for UEKR6 5.4.17 on Oracle Linux 7 and 8 has been released.