RHSA-2014:0771: Important: kernel security and bug fix update

First published: Thu Jun 19 2014(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br><li> A flaw was found in the way the Linux kernel's futex subsystem handled</li> the requeuing of certain Priority Inheritance (PI) futexes. A local,<br>unprivileged user could use this flaw to escalate their privileges on the<br>system. (CVE-2014-3153, Important)<br><li> A flaw was found in the way the Linux kernel's floppy driver handled user</li> space provided data in certain error code paths while processing FDRAWCMD<br>IOCTL commands. A local user with write access to /dev/fdX could use this<br>flaw to free (using the kfree() function) arbitrary kernel memory.<br>(CVE-2014-1737, Important)<br><li> It was found that the Linux kernel's floppy driver leaked internal kernel</li> memory addresses to user space during the processing of the FDRAWCMD IOCTL<br>command. A local user with write access to /dev/fdX could use this flaw to<br>obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)<br>Note: A local user with write access to /dev/fdX could use these two flaws<br>(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their<br>privileges on the system.<br><li> It was discovered that the proc_ns_follow_link() function did not</li> properly return the LAST_BIND value in the last pathname component as is<br>expected for procfs symbolic links, which could lead to excessive freeing<br>of memory and consequent slab corruption. A local, unprivileged user could<br>use this flaw to crash the system. (CVE-2014-0203, Moderate)<br><li> A flaw was found in the way the Linux kernel handled exceptions when</li> user-space applications attempted to use the linkage stack. On IBM S/390<br>systems, a local, unprivileged user could use this flaw to crash the<br>system. (CVE-2014-2039, Moderate)<br><li> An invalid pointer dereference flaw was found in the Marvell 8xxx</li> Libertas WLAN (libertas) driver in the Linux kernel. A local user able to<br>write to a file that is provided by the libertas driver and located on the<br>debug file system (debugfs) could use this flaw to crash the system. Note:<br>The debugfs file system must be mounted locally to exploit this issue.<br>It is not mounted by default. (CVE-2013-6378, Low)<br><li> A denial of service flaw was discovered in the way the Linux kernel's</li> SELinux implementation handled files with an empty SELinux security<br>context. A local user who has the CAP_MAC_ADMIN capability could use this<br>flaw to crash the system. (CVE-2014-1874, Low)<br>Red Hat would like to thank Kees Cook of Google for reporting<br>CVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738,<br>and Vladimir Davydov of Parallels for reporting CVE-2014-0203. Google<br>acknowledges Pinkie Pie as the original reporter of CVE-2014-3153.<br>This update also fixes several bugs. Documentation for these changes will<br>be available shortly from the Technical Notes document linked to in the<br>References section.<br>All kernel users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues. The system must be<br>rebooted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• collector/redhat-errata
• anchor-id/RHSA-2014:0771
• package-manager/redhat