First published: Thu Oct 30 2014

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's futex subsystem handled reference counting when requeuing futexes during futex_wait(). A local, unprivileged user could use this flaw to zero out the reference counter of an inode or an mm struct that backs up the memory area of the futex, which could lead to a use-after-free flaw, resulting in a system crash or, potentially, privilege escalation. (CVE-2014-0205)

* A NULL pointer dereference flaw was found in the way the Linux kernel's Stream Control Transmission Protocol (SCTP) implementation handled simultaneous connections between the same hosts. A remote attacker could use this flaw to crash the system. (CVE-2014-5077)

The security impact of the CVE-2014-0205 issue was discovered by Mateusz Guzik of Red Hat.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel | <2.6.32-220.56.1.el6 | 2.6.32-220.56.1.el6 |
redhat/kernel-debug | <2.6.32-220.56.1.el6 | 2.6.32-220.56.1.el6 |
redhat/kernel-debug-debuginfo | <2.6.32-220.56.1.el6 | 2.6.32-220.56.1.el6 |
redhat/kernel-debug-devel | <2.6.32-220.56.1.el6 | 2.6.32-220.56.1.el6 |
redhat/kernel-debuginfo | <2.6.32-220.56.1.el6 | 2.6.32-220.56.1.el6 |
redhat/kernel-devel | <2.6.32-220.56.1.el6 | 2.6.32-220.56.1.el6 |
redhat/kernel-doc | <2.6.32-220.56.1.el6 | 2.6.32-220.56.1.el6 |
redhat/kernel-firmware | <2.6.32-220.56.1.el6 | 2.6.32-220.56.1.el6 |
redhat/kernel-headers | <2.6.32-220.56.1.el6 | 2.6.32-220.56.1.el6 |
redhat/perf | <2.6.32-220.56.1.el6 | 2.6.32-220.56.1.el6 |
redhat/perf-debuginfo | <2.6.32-220.56.1.el6 | 2.6.32-220.56.1.el6 |
redhat/python-perf | <2.6.32-220.56.1.el6 | 2.6.32-220.56.1.el6 |
redhat/python-perf-debuginfo | <2.6.32-220.56.1.el6 | 2.6.32-220.56.1.el6 |
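
Because the fix only takes effect after a reboot, a host can have the fixed package installed while still running the affected kernel. The check below is an added example, not part of the advisory or of any Red Hat tooling: it compares `uname -r` and `rpm -q kernel` output against the fixed version from the table, using a simplified reimplementation of RPM's version ordering (an assumption: no epoch, `~` or `^` handling). The function names and sample inputs are constructed for illustration.

```python
import re

# Fixed version-release taken from the advisory's "How to fix" column.
FIXED = "2.6.32-220.56.1.el6"

def label_cmp(a, b):
    """Simplified RPM label comparison (no epoch, '~' or '^' support)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # compare numbers by value, not text
        if x != y:
            return -1 if x < y else 1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare two 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return label_cmp(va, vb) or label_cmp(ra, rb)

def strip_arch(s):
    """Drop a trailing architecture suffix such as '.x86_64'."""
    return re.sub(r"\.(x86_64|i686|i386|ppc64|s390x|noarch)$", "", s.strip())

def assess(running, installed):
    """running: `uname -r` text; installed: lines printed by `rpm -q kernel`."""
    if evr_cmp(strip_arch(running), FIXED) >= 0:
        return "patched"
    pkgs = [strip_arch(l)[len("kernel-"):] for l in installed
            if l.startswith("kernel-")]
    if any(evr_cmp(p, FIXED) >= 0 for p in pkgs):
        return "reboot-required"              # fix installed, old kernel still running
    return "vulnerable"

# Constructed sample inputs, not captured from a real host.
OLD = "2.6.32-220.el6.x86_64"
NEW = "2.6.32-220.56.1.el6.x86_64"
SAMPLES = [(OLD, ["kernel-" + OLD]),
           (OLD, ["kernel-" + OLD, "kernel-" + NEW]),
           (NEW, ["kernel-" + OLD, "kernel-" + NEW])]

if __name__ == "__main__":
    for running, installed in SAMPLES:
        print(running, "->", assess(running, installed))
```

On a real host the two inputs would come from `uname -r` and `rpm -q kernel`; where `rpm` itself is available, its own comparison is authoritative over this simplified one.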