RHSA-2011:1350: Important: kernel security, bug fix, and enhancement update

First published: Wed Oct 05 2011(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br>This update fixes the following security issues:<br><li> Flaws in the AGPGART driver implementation when handling certain IOCTL</li> commands could allow a local user to cause a denial of service or escalate<br>their privileges. (CVE-2011-1745, CVE-2011-2022, Important)<br><li> An integer overflow flaw in agp_allocate_memory() could allow a local</li> user to cause a denial of service or escalate their privileges.<br>(CVE-2011-1746, Important)<br><li> A race condition flaw was found in the Linux kernel's eCryptfs</li> implementation. A local attacker could use the mount.ecryptfs_private<br>utility to mount (and then access) a directory they would otherwise not<br>have access to. Note: To correct this issue, the RHSA-2011:1241<br>ecryptfs-utils update, which provides the user-space part of the fix, must<br>also be installed. (CVE-2011-1833, Moderate)<br><li> A denial of service flaw was found in the way the taskstats subsystem</li> handled the registration of process exit handlers. A local, unprivileged<br>user could register an unlimited amount of these handlers, leading to<br>excessive CPU time and memory use. (CVE-2011-2484, Moderate)<br><li> A flaw was found in the way mapping expansions were handled. A local,</li> unprivileged user could use this flaw to cause a wrapping condition,<br>triggering a denial of service. (CVE-2011-2496, Moderate)<br><li> A flaw was found in the Linux kernel's Performance Events implementation.</li> It could falsely lead the NMI (Non-Maskable Interrupt) Watchdog to detect a<br>lockup and panic the system. A local, unprivileged user could use this flaw<br>to cause a denial of service (kernel panic) using the perf tool.<br>(CVE-2011-2521, Moderate)<br><li> A flaw in skb_gro_header_slow() in the Linux kernel could lead to GRO</li> (Generic Receive Offload) fields being left in an inconsistent state. An<br>attacker on the local network could use this flaw to trigger a denial of<br>service. GRO is enabled by default in all network drivers that support it.<br>(CVE-2011-2723, Moderate)<br><li> A flaw was found in the way the Linux kernel's Performance Events</li> implementation handled PERF_COUNT_SW_CPU_CLOCK counter overflow. A local,<br>unprivileged user could use this flaw to cause a denial of service.<br>(CVE-2011-2918, Moderate)<br><li> A flaw was found in the Linux kernel's Trusted Platform Module (TPM)</li> implementation. A local, unprivileged user could use this flaw to leak<br>information to user-space. (CVE-2011-1160, Low)<br><li> Flaws were found in the tpacket_rcv() and packet_recvmsg() functions in</li> the Linux kernel. A local, unprivileged user could use these flaws to leak<br>information to user-space. (CVE-2011-2898, Low)<br>Red Hat would like to thank Vasiliy Kulikov of Openwall for reporting<br>CVE-2011-1745, CVE-2011-2022, CVE-2011-1746, and CVE-2011-2484; the Ubuntu<br>Security Team for reporting CVE-2011-1833; Robert Swiecki for reporting<br>CVE-2011-2496; Li Yu for reporting CVE-2011-2521; Brent Meshier for<br>reporting CVE-2011-2723; and Peter Huewe for reporting CVE-2011-1160. The<br>Ubuntu Security Team acknowledges Vasiliy Kulikov of Openwall and Dan<br>Rosenberg as the original reporters of CVE-2011-1833.<br>This update also fixes various bugs and adds one enhancement. Documentation<br>for these changes will be available shortly from the Technical Notes<br>document linked to in the References section.<br>Users should upgrade to these updated packages, which contain backported<br>patches to correct these issues, and fix the bugs and add the enhancement<br>noted in the Technical Notes. The system must be rebooted for this update<br>to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness
• collector/redhat-errata
• anchor-id/RHSA-2011:1350
• package-manager/redhat