Synopsis: ELSA-2022-0620 can now be patched using Ksplice CVEs: CVE-2020-0465 CVE-2020-0466 CVE-2021-0920 CVE-2021-3564 CVE-2021-3573 CVE-2021-3752 CVE-2021-4034 CVE-2021-4155 CVE-2022-0330 CVE-2022-22942
Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2022-0620. More information about this errata can be found at https://linux.oracle.com/errata/ELSA-2022-0620.html INSTALLING THE UPDATES We recommend that all users of Ksplice Uptrack running RHCK 7 install these updates. On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action. Alternatively, you can install these updates by running: # /usr/sbin/uptrack-upgrade -y DESCRIPTION * CVE-2021-4034: Privilege escalation in pkexec. Incorrect input validation in the pkexec program (part of Polkit) allows any local user to become root. * CVE-2021-4155: Data leak in XFS filesystem. The XFS filesystem does not correctly initialize certain data blocks. This could allow data leaks to unprivileged users. * CVE-2021-3573: Code execution in the bluetooth subsystem due to use-after-free. Improper handling of HCI device detach events in the bluetooth subsystem could leading to a use-after-free. A local user could use this flaw to cause a denial of service or possibly execute arbitrary code. * CVE-2020-0465: Out-of-bounds writes in the USB HID stack. Lack of untrusted input validation in the USB HID stack could lead to an out-of-bounds memory write. Untrusted HID devices could use this flaw to cause a denial-of-service or potentially get kernel execution. * CVE-2021-3564: Denial-of-service in bluetooth subsystem. An ordering issue whilst handling data flushes may lead to a double-free. This could allow a local attacker to cause a denial-of-service. * CVE-2021-0920: Privilege escalation in BSD Unix domain sockets. Lack of synchonization in BSD Unix domain sockets module could result in a use after free error. A local user could use this flaw to cause denial-of-service or priviledges escalation. * CVE-2020-0466: Use-after-free when creating a new epoll instance. Lack of reference counting on underlying files used by the epoll subsystem could lead to a use-after-free if the files are concurrently removed. An unprivileged user could use this flaw to cause a denial-of-service or potentially escalate privileges. * CVE-2022-22942: Use-after-free in VMware Virtual GPU driver. Improper error handling flaw in VMware Virtual GPU driver could lead to a stale entry to be left in the file descriptor table resulting in use-after-free. Unprivileged, local users could use this flaw in order to gain access to files opened by other processes on the system through a dangling file pointer and cause information disclosure or privilege escalation. * CVE-2021-3752: Use-after-free in the Bluetooth subsystem. A use-after-free exists in the Bluetooth subsystem in the way a user connects and disconnects from a socket. A local unprivileged user could use this flaw to cause a denial-of-service or potentially escalate privileges. * Note: Oracle will not provide a zero-downtime update for CVE-2022-0330. Oracle has determined that patching CVE-2022-0330 on a running system would not be safe. The issue occurs only if a local user has privileges to access the i915 Intel GPU and the user is running malicious code on it. Oracle recommends a reboot to mitigate these issues if the host is affected. SUPPORT Ksplice support is available at [email protected]. _______________________________________________ El-errata mailing list [email protected] https://oss.oracle.com/mailman/listinfo/el-errata
