RHSA-2015:0102: Important: kernel security and bug fix update

First published: Wed Jan 28 2015(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br><li> A flaw was found in the way the Linux kernel's SCTP implementation</li> validated INIT chunks when performing Address Configuration Change<br>(ASCONF). A remote attacker could use this flaw to crash the system by<br>sending a specially crafted SCTP packet to trigger a NULL pointer<br>dereference on the system. (CVE-2014-7841, Important)<br><li> A race condition flaw was found in the way the Linux kernel's mmap(2),</li> madvise(2), and fallocate(2) system calls interacted with each other while<br>operating on virtual memory file system files. A local user could use this<br>flaw to cause a denial of service. (CVE-2014-4171, Moderate)<br><li> A NULL pointer dereference flaw was found in the way the Linux kernel's</li> Common Internet File System (CIFS) implementation handled mounting of file<br>system shares. A remote attacker could use this flaw to crash a client<br>system that would mount a file system share from a malicious server.<br>(CVE-2014-7145, Moderate)<br><li> A flaw was found in the way the Linux kernel's splice() system call</li> validated its parameters. On certain file systems, a local, unprivileged<br>user could use this flaw to write past the maximum file size, and thus<br>crash the system. (CVE-2014-7822, Moderate)<br><li> It was found that the parse_rock_ridge_inode_internal() function of the</li> Linux kernel's ISOFS implementation did not correctly check relocated<br>directories when processing Rock Ridge child link (CL) tags. An attacker<br>with physical access to the system could use a specially crafted ISO image<br>to crash the system or, potentially, escalate their privileges on the<br>system. (CVE-2014-5471, CVE-2014-5472, Low)<br>Red Hat would like to thank Akira Fujita of NEC for reporting the<br>CVE-2014-7822 issue. The CVE-2014-7841 issue was discovered by Liu Wei of<br>Red Hat.<br>This update also fixes the following bugs:<br><li> Previously, a kernel panic could occur if a process reading from a locked</li> NFS file was killed and the lock was not released properly before the read<br>operations finished. Consequently, the system crashed. The code handling<br>file locks has been fixed, and instead of halting, the system now emits a<br>warning about the unreleased lock. (BZ#1172266)<br><li> A race condition in the command abort handling logic of the ipr device</li> driver could cause the kernel to panic when the driver received a response<br>to an abort command prior to receiving other responses to the aborted<br>command due to the support for multiple interrupts. With this update, the<br>abort handler waits for the aborted command's responses first before<br>completing an abort operation. (BZ#1162734)<br><li> Previously, a race condition could occur when changing a Page Table Entry</li> (PTE) or a Page Middle Directory (PMD) to "pte_numa" or "pmd_numa",<br>respectively, causing the kernel to crash. This update removes the BUG_ON()<br>macro from the __handle_mm_fault() function, preventing the kernel panic in<br>the aforementioned scenario. (BZ#1170662)<br>All kernel users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues. The system must be<br>rebooted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2015:0102
• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness
• package-manager/redhat