RHSA-2014:0740: Important: kernel security and bug fix update

First published: Tue Jun 10 2014(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br><li> A flaw was found in the way the Linux kernel's floppy driver handled user</li> space provided data in certain error code paths while processing FDRAWCMD<br>IOCTL commands. A local user with write access to /dev/fdX could use this<br>flaw to free (using the kfree() function) arbitrary kernel memory.<br>(CVE-2014-1737, Important)<br><li> It was found that the Linux kernel's floppy driver leaked internal kernel</li> memory addresses to user space during the processing of the FDRAWCMD IOCTL<br>command. A local user with write access to /dev/fdX could use this flaw to<br>obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)<br>Note: A local user with write access to /dev/fdX could use these two flaws<br>(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their<br>privileges on the system.<br><li> A NULL pointer dereference flaw was found in the rds_ib_laddr_check()</li> function in the Linux kernel's implementation of Reliable Datagram Sockets<br>(RDS). A local, unprivileged user could use this flaw to crash the system.<br>(CVE-2013-7339, Moderate)<br>Red Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and<br>CVE-2014-1738.<br>This update also fixes the following bugs:<br><li> A bug in the futex system call could result in an overflow when passing</li> a very large positive timeout. As a consequence, the FUTEX_WAIT operation<br>did not work as intended and the system call was timing out immediately.<br>A backported patch fixes this bug by limiting very large positive timeouts<br>to the maximal supported value. (BZ#1091832)<br><li> A new Linux Security Module (LSM) functionality related to the setrlimit</li> hooks should produce a warning message when used by a third party module<br>that could not cope with it. However, due to a programming error, the<br>kernel could print this warning message when a process was setting rlimits<br>for a different process, or if rlimits were modified by another than the<br>main thread even though there was no incompatible third party module. This<br>update fixes the relevant code and ensures that the kernel handles this<br>warning message correctly. (BZ#1092869)<br><li> Previously, the kernel was unable to detect KVM on system boot if the</li> Hyper-V emulation was enabled. A patch has been applied to ensure that<br>both KVM and Hyper-V hypervisors are now correctly detected during system<br>boot. (BZ#1094152)<br><li> A function in the RPC code responsible for verifying whether cached</li> credentials match the current process did not perform the check correctly.<br>The code checked only whether the groups in the current process<br>credentials appear in the same order as in the cached credentials but did<br>not ensure that no other groups are present in the cached credentials. As<br>a consequence, when accessing files in NFS mounts, a process with the same<br>UID and GID as the original process but with a non-matching group list<br>could have been granted an unauthorized access to a file, or under certain<br>circumstances, the process could have been wrongly prevented from<br>accessing the file. The incorrect test condition has been fixed and the<br>problem can no longer occur. (BZ#1095062)<br><li> When being under heavy load, some Fibre Channel storage devices, such as</li> Hitachi and HP Open-V series, can send a logout (LOGO) message to the<br>host system. However, due to a bug in the lpfc driver, this could result<br>in a loss of active paths to the storage and the paths could not be<br>recovered without manual intervention. This update corrects the lpfc<br>driver to ensure automatic recovery of the lost paths to the storage in<br>this scenario. (BZ#1096061)<br>All kernel users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues. The system must be<br>rebooted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2014:0740
• agent/severity
• agent/references
• agent/title
• agent/weakness
• agent/tags
• agent/description
• agent/type
• agent/event
• agent/first-publish-date
• agent/softwarecombine
• agent/last-modified-date
• agent/remedy
• package-manager/redhat