Synopsis: ELSA-2021-3801 can now be patched using Ksplice
CVEs: CVE-2021-22543 CVE-2021-3653 CVE-2021-3656 CVE-2021-37576

Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2021-3801.

More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2021-3801.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running RHCK 7 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* Note: Oracle has determined that CVE-2021-37576 is not applicable.

The kernel is not affected by CVE-2021-37576 since the code under consideration is not compiled.

* CVE-2021-22543: Privilege escalation in KVM due to RO page check bypass.

The reference counts of VM_IO|VM_PFNMAP pages can be manipulated to cause a deliberate use-after-free. This can be manipulated to cause writes to arbitrary memory pages, allowing a malicious user with the ability to create virtual machines to escalate their privileges.

* CVE-2021-3656, CVE-2021-3653: Privilege escalation in the AMD SVM L2 guests handling.

Multiple security bypasses potentially allow L2 guests to read/write host physical memory. An untrusted L1 guest running on certain AMD CPUs could use these flaws to run with full ring zero privileges.

SUPPORT

Ksplice support is available at [email protected].

_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata
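The following check is an added example, not part of the Oracle advisory or the Ksplice tooling: it reads an uptrack.conf-style file and reports whether the host picks these updates up automatically or needs the manual uptrack-upgrade step described under INSTALLING THE UPDATES. The function names, the [Settings] section in the sample, and the rule that only the value "yes" (any case) counts as enabled are assumptions.

```shell
#!/bin/sh
# Added example: classify a host by its Ksplice Uptrack autoinstall setting.

# Print the effective "autoinstall" value from an uptrack.conf-style file.
# Comment lines (# or ;) are ignored; the last assignment wins.
# Returns 2 if the file cannot be read.
autoinstall_value() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*[#;]/ { next }                    # skip commented-out lines
        /^[ \t]*autoinstall[ \t]*[=:]/ {
            sub(/^[^=:]*[=:][ \t]*/, "")          # drop key and separator
            sub(/[ \t\r]+$/, "")                  # drop trailing whitespace
            val = tolower($0)
        }
        END { print val }
    ' "$1"
}

# Print one of: automatic | manual | unreadable
#   automatic  -> "autoinstall = yes" is set, no action needed
#   manual     -> run /usr/sbin/uptrack-upgrade -y on this host
#   unreadable -> config missing or not readable, investigate
upgrade_action() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    val=$(autoinstall_value "$conf") || { echo unreadable; return 0; }
    if [ "$val" = "yes" ]; then
        echo automatic
    else
        echo manual
    fi
}

# Demo on a constructed config (not taken from a real host): the only
# "yes" is commented out, so the host needs the manual step.
demo=$(mktemp)
printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$demo"
echo "constructed sample: $(upgrade_action "$demo")"
rm -f "$demo"
```

Run against a real host by calling upgrade_action with no argument, which reads /etc/uptrack/uptrack.conf.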
