First published: Thu Feb 23 2012
These packages contain the Linux kernel.

Security fixes:

- SG_IO ioctl SCSI requests on partitions or LVM volumes could be passed to the underlying block device, allowing a privileged user to bypass restrictions and gain read and write access (and be able to issue other SCSI commands) to the entire block device. (CVE-2011-4127, Important)
- A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important)
- A local, unprivileged user could use a flaw in the Performance Events implementation to cause a denial of service. (CVE-2011-2918, Moderate)
- A local, unprivileged user could use flaws in the XFS file system implementation to cause a denial of service or escalate their privileges by mounting a specially-crafted disk. (CVE-2011-4077, CVE-2012-0038, Moderate)
- A local, unprivileged user could use a flaw in the Out of Memory (OOM) killer to monopolize memory, have their process skipped by the OOM killer, or cause other tasks to be terminated. (CVE-2011-4097, Moderate)
- A local, unprivileged user could use a flaw in the key management facility to cause a denial of service. (CVE-2011-4110, Moderate)
- A malicious Network File System version 4 (NFSv4) server could return a crafted reply to a GETACL request, causing a denial of service on the client. (CVE-2011-4131, Moderate)
- A local attacker could use a flaw in the Journaling Block Device (JBD) to crash the system by mounting a specially-crafted ext3 or ext4 disk. (CVE-2011-4132, Moderate)
- A flaw in igmp_heard_query() could allow an attacker, who is able to send certain IGMP (Internet Group Management Protocol) packets to a target system, to cause a denial of service. (CVE-2012-0207, Moderate)
- If lock contention during signal sending occurred when in a software interrupt handler that is using the per-CPU debug stack, the task could be scheduled out on the realtime kernel, possibly leading to debug stack corruption. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-0810, Moderate)

Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044; Wang Xi for reporting CVE-2012-0038; Shubham Goyal for reporting CVE-2011-4097; Andy Adamson for reporting CVE-2011-4131; and Simon McVittie for reporting CVE-2012-0207.

Bug fixes:

- When a sleeping task, waiting on a futex (fast userspace mutex), tried to get the spin_lock(hb->lock) RT-mutex, if the owner of the futex released the lock, the sleeping task was put on a futex proxy lock. Consequently, the sleeping task was blocked on two locks and eventually terminated in the BUG_ON() function. With this update, the WAKEUP_INPROGRESS pseudo-lock has been added to be used as a proxy lock. This pseudo-lock tells the sleeping task that it is being woken up so that the task no longer tries to get the second lock. Now, the futex code works as expected and sleeping tasks no longer crash in the described scenario. (BZ#784733)
- When the CONFIG_CRYPTO_FIPS configuration option was disabled, some services such as sshd and ipsec, while working properly, returned warning messages regarding this missing option during start up. With this update, CONFIG_CRYPTO_FIPS has been enabled and no warning messages are now returned in the described scenario. (BZ#786145)
- Previously, when a read operation on a loop device failed, the data successfully read from the device was not cleared and could eventually leak. This bug has been fixed and all data are now properly cleared in the described scenario. (BZ#761420)
- Due to an assembler-sourced object, the perf utility (from the perf-rt package) for AMD64 and Intel 64 architectures contained an executable stack. This update adds the ".note.GNU-stack" section definition to the bench/mem-memcpy-x86-64-asm.S component of perf, with all flags disabled, and perf no longer contains an executable stack, thus fixing this bug. (BZ#783570)

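The executable-stack fix in BZ#783570 can be checked on a linked binary by reading its PT_GNU_STACK program header, which the linker derives from the ".note.GNU-stack" sections of its input objects. The following is an added example, not code from the advisory or from perf; it handles only little-endian ELF64 (the AMD64 and Intel 64 case named above), `stack_state` and `build_sample` are names chosen here, and the sample images are constructed in-line.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551                  # program header type for stack marking
PF_X = 0x1                                 # "executable" segment flag
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")  # ELF64 file header, little-endian
PHDR = struct.Struct("<IIQQQQQQ")          # ELF64 program header, little-endian


def stack_state(image: bytes) -> str:
    """Classify an ELF64 LE image: 'executable', 'non-executable' or 'unmarked'."""
    if len(image) < EHDR.size:
        raise ValueError("truncated ELF header")
    fields = EHDR.unpack_from(image, 0)
    ident, e_phoff, e_phentsize, e_phnum = fields[0], fields[5], fields[9], fields[10]
    if ident[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if ident[4] != 2 or ident[5] != 1:
        raise ValueError("only little-endian ELF64 is handled")
    if e_phnum and e_phentsize < PHDR.size:
        raise ValueError("program header entries are too small")
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + PHDR.size > len(image):
            raise ValueError("program header table runs past end of file")
        p_type, p_flags = PHDR.unpack_from(image, off)[:2]
        if p_type == PT_GNU_STACK:
            return "executable" if p_flags & PF_X else "non-executable"
    # No PT_GNU_STACK: the loader applies its own default, so report it separately.
    return "unmarked"


def build_sample(stack_flags=None) -> bytes:
    """Constructed test image: one PT_LOAD, plus PT_GNU_STACK when flags are given."""
    phdrs = [PHDR.pack(1, 5, 0, 0x400000, 0x400000, 0, 0, 0x1000)]
    if stack_flags is not None:
        phdrs.append(PHDR.pack(PT_GNU_STACK, stack_flags, 0, 0, 0, 0, 0, 16))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    ehdr = EHDR.pack(ident, 2, 62, 1, 0x400000, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(phdrs)


if __name__ == "__main__":
    for path in sys.argv[1:]:              # check real binaries given as arguments
        with open(path, "rb") as fh:
            print(path, stack_state(fh.read()))
    for label, flags in (("RWX", 7), ("RW", 6), ("none", None)):
        print("constructed", label, stack_state(build_sample(flags)))
```

Run against a perf binary from the fixed package, the expected result is `non-executable`.
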
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <3.0.18-rt34.53.el6 | 3.0.18-rt34.53.el6 |
redhat/kernel-rt-debug | <3.0.18-rt34.53.el6 | 3.0.18-rt34.53.el6 |
redhat/kernel-rt-debug-debuginfo | <3.0.18-rt34.53.el6 | 3.0.18-rt34.53.el6 |
redhat/kernel-rt-debug-devel | <3.0.18-rt34.53.el6 | 3.0.18-rt34.53.el6 |
redhat/kernel-rt-debuginfo | <3.0.18-rt34.53.el6 | 3.0.18-rt34.53.el6 |
redhat/kernel-rt-devel | <3.0.18-rt34.53.el6 | 3.0.18-rt34.53.el6 |
redhat/kernel-rt-doc | <3.0.18-rt34.53.el6 | 3.0.18-rt34.53.el6 |
redhat/kernel-rt-firmware | <3.0.18-rt34.53.el6 | 3.0.18-rt34.53.el6 |
redhat/kernel-rt-trace | <3.0.18-rt34.53.el6 | 3.0.18-rt34.53.el6 |
redhat/kernel-rt-trace-debuginfo | <3.0.18-rt34.53.el6 | 3.0.18-rt34.53.el6 |
redhat/kernel-rt-trace-devel | <3.0.18-rt34.53.el6 | 3.0.18-rt34.53.el6 |
redhat/kernel-rt-vanilla | <3.0.18-rt34.53.el6 | 3.0.18-rt34.53.el6 |
redhat/kernel-rt-vanilla-debuginfo | <3.0.18-rt34.53.el6 | 3.0.18-rt34.53.el6 |
redhat/kernel-rt-vanilla-devel | <3.0.18-rt34.53.el6 | 3.0.18-rt34.53.el6 |