RHSA-2015:0782: Important: kernel security and bug fix update

First published: Tue Apr 07 2015(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br><li> It was found that the Linux kernel's Infiniband subsystem did not</li> properly sanitize input parameters while registering memory regions from<br>user space via the (u)verbs API. A local user with access to a<br>/dev/infiniband/uverbsX device could use this flaw to crash the system or,<br>potentially, escalate their privileges on the system. (CVE-2014-8159,<br>Important)<br><li> A use-after-free flaw was found in the way the Linux kernel's SCTP</li> implementation handled authentication key reference counting during INIT<br>collisions. A remote attacker could use this flaw to crash the system or,<br>potentially, escalate their privileges on the system. (CVE-2015-1421,<br>Important)<br><li> An integer overflow flaw was found in the way the Linux kernel's Frame</li> Buffer device implementation mapped kernel memory to user space via the<br>mmap syscall. A local user able to access a frame buffer device file<br>(/dev/fb*) could possibly use this flaw to escalate their privileges on the<br>system. (CVE-2013-2596, Important)<br><li> It was found that the Linux kernel's KVM implementation did not ensure</li> that the host CR4 control register value remained unchanged across VM<br>entries on the same virtual CPU. A local, unprivileged user could use this<br>flaw to cause a denial of service on the system. (CVE-2014-3690, Moderate)<br><li> It was found that the parse_rock_ridge_inode_internal() function of the</li> Linux kernel's ISOFS implementation did not correctly check relocated<br>directories when processing Rock Ridge child link (CL) tags. An attacker<br>with physical access to the system could use a specially crafted ISO image<br>to crash the system or, potentially, escalate their privileges on the<br>system. (CVE-2014-5471, CVE-2014-5472, Low)<br><li> A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge</li> DEC USB device driver. A local user with write access to the corresponding<br>device could use this flaw to crash the kernel or, potentially, elevate<br>their privileges on the system. (CVE-2014-8884, Low)<br>Red Hat would like to thank Mellanox for reporting CVE-2014-8159, and Andy<br>Lutomirski for reporting CVE-2014-3690. The CVE-2015-1421 issue was<br>discovered by Sun Baoliang of Red Hat.<br>This update also fixes the following bugs:<br><li> Previously, a NULL pointer check that is needed to prevent an oops in the</li> nfs_async_inode_return_delegation() function was removed. As a consequence,<br>a NFS4 client could terminate unexpectedly. The missing NULL pointer check<br>has been added back, and NFS4 client no longer crashes in this situation.<br>(BZ#1187638)<br><li> Due to unbalanced multicast join and leave processing, the attempt to</li> leave a multicast group that had not previously completed a join became<br>unresponsive. This update resolves multiple locking issues in the IPoIB<br>multicast code that allowed multicast groups to be left before the joining<br>was entirely completed. Now, multicast join and leave failures or lockups<br>no longer occur in the described situation. (BZ#1187663)<br><li> A failure to leave a multicast group which had previously been joined</li> prevented the attempt to unregister from the "sa" service. Multiple locking<br>issues in the IPoIB multicast join and leave processing have been fixed so<br>that leaving a group that has completed its join process is successful.<br>As a result, attempts to unregister from the "sa" service no longer lock up<br>due to leaked resources. (BZ#1187665)<br><li> Due to a regression, when large reads which partially extended beyond the</li> end of the underlying device were done, the raw driver returned the EIO<br>error code instead of returning a short read covering the valid part of the<br>device. The underlying source code has been patched, and the raw driver now<br>returns a short read for the remainder of the device. (BZ#1195746)<br>All kernel users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues. The system must be<br>rebooted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• agent/weakness
• collector/redhat-errata
• anchor-id/RHSA-2015:0782
• package-manager/redhat