Synopsis: ELSA-2022-9264 can now be patched using Ksplice
CVEs: CVE-2020-36516 CVE-2022-0617 CVE-2022-1016 CVE-2022-1158 CVE-2022-22942 CVE-2022-24448 CVE-2022-26966

Users with Oracle Linux Premier Support can now use Ksplice to patch against the latest Oracle Linux Security Advisory, ELSA-2022-9264.
More information about this errata can be found at
https://linux.oracle.com/errata/ELSA-2022-9264.html

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running UEKR6 5.4.17 on OL7 and OL8 install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf, these updates will be installed automatically and you do not need to take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y

DESCRIPTION

* CVE-2022-1158: Use-after-free in the KVM subsystem.

A flaw in the KVM subsystem may allow a guest virtual machine to trigger a use-after-free exception. This may lead to denial-of-service and possible loss of system confidentiality.

Orabug: 34023597

* CVE-2022-24448: Information leak when NFSv4 directory lookup fails.

If an open is performed with O_DIRECTORY on a regular file mounted over NFSv4, the returned file descriptor will be uninitialized, potentially leaking sensitive kernel information.

Orabug: 33958154

* CVE-2022-22942: Use-after-free in VMware Virtual GPU driver.

An improper error handling flaw in the VMware Virtual GPU driver could lead to a stale entry being left in the file descriptor table, resulting in a use-after-free. Unprivileged, local users could use this flaw to gain access to files opened by other processes on the system through a dangling file pointer and cause information disclosure or privilege escalation.

Orabug: 33840432

* CVE-2022-0617: NULL-pointer dereference when processing UDF metadata.

When converting a UDF filesystem control block to its expanded form, an invalid block could result in a NULL callback being invoked, resulting in a system crash. A malicious user or filesystem image might exploit this to cause a denial-of-service.

Orabug: 33870266

* CVE-2022-26966: Information disclosure in CoreChip SR9700 USB 10/100 Ethernet adapter.

A missing sanity check flaw in the CoreChip SR9700 USB 10/100 Ethernet adapter could result in sensitive information leaking from heap memory to user space. A local user could use this flaw for information disclosure.

Orabug: 33962705

* Don't flush cache if hardware enforces cache coherency across encryption domains.

In some hardware implementations, coherency between the encrypted and unencrypted mappings of the same physical page in a VM is enforced. In such a system, it is not required for software to flush the VM's page from all CPU caches in the system prior to changing the value of the C-bit for the page.

Orabug: 33921125

* CVE-2020-36516: Multiple vulnerabilities in TCP/IP protocol.

The mixed IPID assignment method with the hash-based IPID assignment policy could allow an attacker to perform a Man-in-the-Middle Attack. A remote attacker could use this flaw to pretend to be the sender of the TCP/IP packet for an existing TCP/IP session and inject data into the TCP session or terminate that session.

Orabug: 33917056

* Reinitialize logbuf lock if CPU is halted while holding the lock.

If a CPU is halted while holding logbuf_lock, then subsequent printk() operations on the panic CPU will deadlock. Add a helper to reinitialize the logbuf locks and do this before calling panic notifiers, to reduce the chance of a deadlock.

Orabug: 33740420

* CVE-2022-1016: Information leak in the netfilter subsystem.

A flaw in the netfilter subsystem results in a use-after-free. This may allow a local unprivileged user to cause an information leak, resulting in loss of system confidentiality.

Orabug: 34035701

SUPPORT

Ksplice support is available at [email protected].

_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata
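The check below is an added example, not part of the original advisory or of Ksplice itself. It reads the "autoinstall" setting named under INSTALLING THE UPDATES and reports whether the manual upgrade command is still needed. The function names are hypothetical, the case-insensitive matching is a convenience of this example, and the script only prints the command from the advisory without running it.

```shell
#!/bin/sh
# Added example: tell whether Ksplice Uptrack will install updates by itself.
# The config path and the "autoinstall = yes" setting come from the advisory;
# the function names are hypothetical and belong to this example only.
UPTRACK_CONF="${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}"

# Print the effective autoinstall value (lower-cased), "unset" when the key is
# absent, or "unreadable" when the file cannot be read.
# Commented-out lines are ignored and the last assignment wins.
autoinstall_value() {
    conf="${1:-$UPTRACK_CONF}"
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; gsub(/[ \t\r]/, "", key)
            if (tolower(key) == "autoinstall") {
                val = $2; gsub(/[ \t\r]/, "", val)
                found = tolower(val)
            }
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Succeed (exit 0) when the upgrade has to be run by hand, fail (exit 1) when
# autoinstall is "yes". An unreadable file counts as "by hand" because
# automatic installation cannot be confirmed.
needs_manual_upgrade() {
    case "$(autoinstall_value "$1")" in
        yes) return 1 ;;
        *)   return 0 ;;
    esac
}

# Print a one-line verdict for the operator; always returns 0.
report_autoinstall() {
    conf="${1:-$UPTRACK_CONF}"
    if needs_manual_upgrade "$conf"; then
        echo "autoinstall is '$(autoinstall_value "$conf")' in $conf:" \
             "run /usr/sbin/uptrack-upgrade -y as root"
    else
        echo "autoinstall = yes in $conf: updates install automatically"
    fi
    return 0
}

report_autoinstall "$@"
```

Set UPTRACK_CONF or pass a path as the first argument to check a copy of the configuration collected from another host.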
