
New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 are available.



New Ksplice updates for UEKR6 5.4.17 on OL7 and OL8 (ELSA-2023-12394)


Synopsis: ELSA-2023-12394 can now be patched using Ksplice
CVEs: CVE-2022-1679 CVE-2022-4744 CVE-2023-0590 CVE-2023-1076 CVE-2023-1077 CVE-2023-1079 CVE-2023-1118 CVE-2023-1670 CVE-2023-1855 CVE-2023-1859 CVE-2023-1989 CVE-2023-1990 CVE-2023-2194 CVE-2023-2248 CVE-2023-25012 CVE-2023-2513 CVE-2023-28466 CVE-2023-2985 CVE-2023-30456 CVE-2023-30772 CVE-2023-3220 CVE-2023-32233 CVE-2023-33203

Users with Oracle Linux Premier Support can now use Ksplice to patch
against the latest Oracle Linux Security Advisory, ELSA-2023-12394.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2023-12394.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on
OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
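
The check below is an added example, not part of Oracle's advisory or the Uptrack tooling. It reads an uptrack.conf-style file and reports whether the host applies these updates automatically or needs the manual command above. The function names are hypothetical, and it assumes INI-style "key = value" lines with '#' comments, where a later assignment overrides an earlier one and only the literal value "yes" enables autoinstall.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether a host relies on
# autoinstall or needs a manual uptrack-upgrade run.
# Assumptions: INI-style "key = value" lines, '#' starts a comment line,
# a later assignment overrides an earlier one.

# Print the effective autoinstall value: the literal found (lower-cased),
# "unset" if the key is absent, or "unreadable" if the file cannot be read.
autoinstall_value() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*#/ { next }                    # commented-out settings do not count
        {
            key = tolower($1); gsub(/[ \t]/, "", key)
            if (key == "autoinstall") {
                val = tolower($2); gsub(/[ \t]/, "", val)
                found = val                    # last assignment wins
            }
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# Print "automatic" (exit 0) when autoinstall is yes; otherwise print the
# manual command from the advisory (exit 1). Anything other than "yes",
# including a missing key or unreadable file, is treated as manual.
upgrade_mode() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    case $(autoinstall_value "$conf") in
        yes) echo "automatic"; return 0 ;;
        *)   echo "manual: run /usr/sbin/uptrack-upgrade -y"; return 1 ;;
    esac
}

# Run the check only when a config path is given on the command line.
if [ $# -gt 0 ]; then
    upgrade_mode "$1"
fi
```

Saved as a script, it takes the configuration path as its only argument; the exit status (0 automatic, 1 manual) can feed a fleet-wide compliance check.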

DESCRIPTION

* CVE-2023-1077: Memory Corruption in Real-Time Scheduling Class.

Incorrect error checking logic in the Real-Time Scheduling Class can lead to
memory corruption. This can allow a local user to cause denial-of-service or
escalate privileges.

* CVE-2023-1118: Use-after-free in ENE eHome Receiver/Transceiver driver.

A logic error in the ENE integrated infrared receiver/transceiver leads
to a use-after-free. A local user can use this flaw to cause
denial-of-service or escalate privileges.

* CVE-2023-28466: Race condition in Transport Layer Security subsystem.

A race condition in the Transport Layer Security (TLS) subsystem between
getsockopt() and setsockopt() operations can lead to use-after-free or null
dereference. This can allow a local user to cause denial-of-service.

* CVE-2023-1989: Use-after-free in Bluetooth SDIO driver.

A race condition in the Bluetooth SDIO driver's device removal path can
lead to a use-after-free scenario. This flaw could be exploited by a
malicious local user to cause a denial-of-service or other undefined
behavior.

* CVE-2022-4744: Privilege escalation in TUN/TAP device driver.

A flaw in the TUN/TAP device driver when freeing a device could result in
a double-free. A local user could use this flaw for denial-of-service or
privilege escalation.

* CVE-2023-2248: Out-of-bounds memory access in sch_qfq driver.

An arithmetic error in the sch_qfq driver can lead to an out-of-bounds
memory access. A local attacker could exploit this flaw to leak
sensitive information or to cause other undefined behavior.

* CVE-2023-2513: Use-after-free during XFS extended attribute operations.

A logic error when setting certain extended attributes on an XFS
filesystem can result in a use-after-free scenario. This flaw could be
exploited by a malicious local attacker to cause a denial-of-service or
to aid in another type of attack.

* CVE-2023-32233: Use-after-free in Netfilter nf_tables packet classification framework.

Incorrect handling of anonymous sets in the Netfilter nf_tables packet
classification framework can lead to a use-after-free. This can allow a
local unprivileged user to perform arbitrary access to kernel memory and
escalate privileges.

Orabug: 35382084

* Note: Oracle will not provide a zero-downtime update for CVE-2023-1670.

Oracle has determined that the vulnerability does not affect a running
system because the vulnerable code is not compiled.

CVE-2023-1670: Use-after-free in Xircom PCMCIA ethernet driver.

A race condition when attempting to unload the Xircom ethernet driver
can lead to a use-after-free. This flaw could be exploited by a local
attacker to cause a denial-of-service or to escalate their privileges.

* Note: Oracle will not provide a zero-downtime update for CVE-2022-1679.

Oracle has determined that the vulnerability does not affect a running
system because the vulnerable code is not compiled.

CVE-2022-1679: Use-after-free in Atheros ath9k wireless device driver.

Improper handling of some error conditions in the Atheros ath9k wireless
device driver could lead to a use-after-free. A local user could use
this flaw to cause a denial of service or execute arbitrary code.

* Note: Oracle will not provide a zero-downtime update for CVE-2023-25012.

Oracle has determined that the vulnerability does not affect a running
system because the vulnerable code is not compiled.

CVE-2023-25012: Use-after-free in HID driver for BigBen Interactive Kids' gamepad.

Insufficient locking in the bigben HID driver can allow a malicious USB
device which advertises itself as a BigBen device to trigger a
use-after-free. This may allow a local user to cause memory corruption.

* Note: Oracle will not provide a zero-downtime update for CVE-2023-2985.

Oracle has determined that the vulnerability does not affect a running
system because the vulnerable code is not compiled.

CVE-2023-2985: Use-after-free in Apple Extended HFS file system support.

A flaw in HFS+ may lead to a use-after-free. A local user could use this
to cause a denial-of-service.

* Note: Oracle will not provide a zero-downtime update for CVE-2023-1859.

Oracle has determined that the vulnerability does not affect a running
system because the vulnerable code is not compiled.

CVE-2023-1859: Use-after-free in Plan 9 Resource Sharing Xen Support.

A race condition in 9P Xen Support when removing the driver can lead to
a use-after-free. A local user could use this flaw to cause a denial of
service or elevate privileges on the system.

* CVE-2023-30456: Privilege escalation in Intel VMX subsystem for KVM.

Insufficient checking in the Intel VMX subsystem for KVM can allow a nested guest
to control values in the virtual machine control structure. This can allow a
local user to escalate privileges.

Orabug: 35278212

* CVE-2023-1079: Use-after-free in HID driver for Asus notebook built-in keyboard.

Insufficient locking in the HID driver for Asus notebook built-in keyboard can
allow a malicious USB device which advertises itself as an Asus device to
trigger a use-after-free. This may allow a local user to cause memory
corruption.

* CVE-2023-1076: Permission bypass in tun/tap sockets.

Incorrect initialization in the tun/tap socket code could allow sockets
to be treated incorrectly in filtering and routing decisions. This could
allow bypassing of network filters.

* Note: Oracle will not provide a zero-downtime update for CVE-2023-1990.

Oracle has determined that the vulnerability does not affect a
running system.

* CVE-2023-1855: Use-after-free in APM X-Gene SoC hardware monitoring driver.

A logic error in the APM X-Gene SoC hardware monitoring driver leads to a
use-after-free. A local user can use this flaw to cause denial-of-service or
leak information.

* Note: Oracle will not provide a zero-downtime update for CVE-2023-30772.

Oracle has determined that the vulnerability does not affect a
running system.

* CVE-2023-33203: Use-after-free in Qualcomm EMAC Gigabit Ethernet Driver.

Incorrect cleanup logic in the Qualcomm Ethernet Media Access Controller
(EMAC) Driver can cause a use-after-free when an EMAC-based device is
removed. This can allow a user with physical access to escalate privileges
or cause undefined behavior.

* CVE-2023-2194: Insufficient input validation in APM X-Gene SoC I2C SLIMpro.

Insufficient user input validation in the APM X-Gene SoC I2C SLIMpro device
driver could allow writing beyond the end of a buffer. This could allow a
local privileged user to crash the system or execute incorrect code.

* CVE-2023-0590: Use-after-free in network scheduler.

A race condition in the network scheduler when dropping the reference of a queue
discipline object in qdisc_graft() may lead to a use-after-free. A local
user could use this flaw to cause a denial-of-service.

* Allow accessing block trace files under lockdown mode.

The blktrace tool did not work in lockdown mode because access to the
blktrace trace files in debugfs was blocked.

Orabug: 35262590

* Deadlock in the XFS filesystem when allocating an Allocation Group Free List.

A logic error in the XFS filesystem when allocating AGFLs could lead to a
deadlock. A local, unprivileged user could use this flaw to cause a
denial-of-service.

Orabug: 35475138

* CVE-2023-3220: Denial-of-service in the Snapdragon GPU driver.

A missing NULL pointer check in the Snapdragon GPU driver after allocating
a plane state structure could lead to a NULL pointer dereference. A local
user could use this flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww@oracle.com.