RHSA-2014:0786: Important: kernel security, bug fix, and enhancement update

First published: Tue Jun 24 2014(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br><li> A flaw was found in the way the Linux kernel's futex subsystem handled</li> the requeuing of certain Priority Inheritance (PI) futexes. A local,<br>unprivileged user could use this flaw to escalate their privileges on the<br>system. (CVE-2014-3153, Important)<br><li> A use-after-free flaw was found in the way the ping_init_sock() function</li> of the Linux kernel handled the group_info reference counter. A local,<br>unprivileged user could use this flaw to crash the system or, potentially,<br>escalate their privileges on the system. (CVE-2014-2851, Important)<br><li> Use-after-free and information leak flaws were found in the way the</li> Linux kernel's floppy driver processed the FDRAWCMD IOCTL command. A local<br>user with write access to /dev/fdX could use these flaws to escalate their<br>privileges on the system. (CVE-2014-1737, CVE-2014-1738, Important)<br><li> It was found that the aio_read_events_ring() function of the Linux</li> kernel's Asynchronous I/O (AIO) subsystem did not properly sanitize the AIO<br>ring head received from user space. A local, unprivileged user could use<br>this flaw to disclose random parts of the (physical) memory belonging to<br>the kernel and/or other processes. (CVE-2014-0206, Moderate)<br><li> An out-of-bounds memory access flaw was found in the Netlink Attribute</li> extension of the Berkeley Packet Filter (BPF) interpreter functionality in<br>the Linux kernel's networking implementation. A local, unprivileged user<br>could use this flaw to crash the system or leak kernel memory to user space<br>via a specially crafted socket filter. (CVE-2014-3144, CVE-2014-3145,<br>Moderate)<br><li> An information leak flaw was found in the way the skb_zerocopy() function</li> copied socket buffers (skb) that are backed by user-space buffers (for<br>example vhost-net and Xen netback), potentially allowing an attacker to<br>read data from those buffers. (CVE-2014-2568, Low)<br>Red Hat would like to thank Kees Cook of Google for reporting<br>CVE-2014-3153 and Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738.<br>Google acknowledges Pinkie Pie as the original reporter of<br>CVE-2014-3153. The CVE-2014-0206 issue was discovered by Mateusz Guzik of<br>Red Hat.<br>This update also fixes the following bugs:<br><li> Due to incorrect calculation of Tx statistics in the qlcninc driver,</li> running the "ethtool -S ethX" command could trigger memory corruption.<br>As a consequence, running the sosreport tool, that uses this command,<br>resulted in a kernel panic. The problem has been fixed by correcting the<br>said statistics calculation. (BZ#1104972)<br><li> When an attempt to create a file on the GFS2 file system failed due to a</li> file system quota violation, the relevant VFS inode was not completely<br>uninitialized. This could result in a list corruption error. This update<br>resolves this problem by correctly uninitializing the VFS inode in this<br>situation. (BZ#1097407)<br><li> Due to a race condition in the kernel, the getcwd() system call could</li> return "/" instead of the correct full path name when querying a path name<br>of a file or directory. Paths returned in the "/proc" file system could<br>also be incorrect. This problem was causing instability of various<br>applications. The aforementioned race condition has been fixed and getcwd()<br>now always returns the correct paths. (BZ#1099048)<br>In addition, this update adds the following enhancements:<br><li> The kernel mutex code has been improved. The changes include improved</li> queuing of the MCS spin locks, the MCS code optimization, introduction of<br>the cancellable MCS spin locks, and improved handling of mutexes without<br>wait locks. (BZ#1103631, BZ#1103629)<br><li> The handling of the Virtual Memory Area (VMA) cache and huge page faults</li> has been improved. (BZ#1103630)<br>All kernel users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues and add these<br>enhancements. The system must be rebooted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2014:0786
• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness
• package-manager/redhat