RHSA-2015:0695: Important: kernel security and bug fix update

First published: Tue Mar 17 2015(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br><li> A flaw was found in the way the Linux kernel's SCTP implementation</li> validated INIT chunks when performing Address Configuration Change<br>(ASCONF). A remote attacker could use this flaw to crash the system by<br>sending a specially crafted SCTP packet to trigger a NULL pointer<br>dereference on the system. (CVE-2014-7841, Important)<br><li> It was found that the Linux kernel's Infiniband subsystem did not</li> properly sanitize input parameters while registering memory regions from<br>user space via the (u)verbs API. A local user with access to a<br>/dev/infiniband/uverbsX device could use this flaw to crash the system or,<br>potentially, escalate their privileges on the system. (CVE-2014-8159,<br>Important)<br><li> An integer overflow flaw was found in the way the Linux kernel's Frame</li> Buffer device implementation mapped kernel memory to user space via the<br>mmap syscall. A local user able to access a frame buffer device file<br>(/dev/fb*) could possibly use this flaw to escalate their privileges on the<br>system. (CVE-2013-2596, Important)<br><li> It was found that the parse_rock_ridge_inode_internal() function of the</li> Linux kernel's ISOFS implementation did not correctly check relocated<br>directories when processing Rock Ridge child link (CL) tags. An attacker<br>with physical access to the system could use a specially crafted ISO image<br>to crash the system or, potentially, escalate their privileges on the<br>system. (CVE-2014-5471, CVE-2014-5472, Low)<br>Red Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.<br>The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat.<br>This update also fixes the following bugs:<br><li> Previously, certain network device drivers did not accept ethtool</li> commands right after they were loaded. As a consequence, the current<br>setting of the specified device driver was not applied and an error message<br>was returned. The ETHTOOL_DELAY variable has been added, which makes sure<br>the ethtool utility waits for some time before it tries to apply the<br>options settings, thus fixing the bug. (BZ#1138299)<br><li> During the memory allocation for a new socket to communicate to the</li> server, the rpciod daemon released a clean page which needed to be<br>committed. However, the commit was queueing indefinitely as the commit<br>could only be provided with a socket connection. As a consequence, a<br>deadlock occurred in rpciod. This update sets the PF_FSTRANS flag on the<br>work queue task prior to the socket allocation, and adds the<br>nfs_release_page check for the flag when deciding whether to make a commit<br>call, thus fixing this bug. (BZ#1192326)<br>All kernel users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues. The system must be<br>rebooted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness
• collector/redhat-errata
• anchor-id/RHSA-2015:0695
• package-manager/redhat