ID CVE-2012-1179
Summary The Linux kernel before 3.3.1, when KVM is used, allows guest OS users to cause a denial of service (host OS crash) by leveraging administrative access to the guest OS, related to the pmd_none_or_clear_bad function and page faults for huge pages.
References
Vulnerable Configurations
  • Linux Kernel 3.3 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.3:rc7
CVSS
Base: 5.2 (as of 17-05-2012 - 13:40)
Impact:
Exploitability:
CWE CWE-264
CAPEC
  • Accessing, Modifying or Executing Executable Files
    An attack of this type exploits a system's configuration that allows an attacker to either directly access an executable file, for example through shell access; or in a possible worst case allows an attacker to upload a file and then execute it. Web servers, ftp servers, and message oriented middleware systems which have many integration points are particularly vulnerable, because both the programmers and the administrators must be in synch regarding the interfaces and the correct privileges for each interface.
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Blue Boxing
    This type of attack against older telephone switches and trunks has been around for decades. A tone is sent by an adversary to impersonate a supervisor signal which has the effect of rerouting or usurping command of the line. While the US infrastructure proper may not contain widespread vulnerabilities to this type of attack, many companies are connected globally through call centers and business process outsourcing. These international systems may be operated in countries which have not upgraded Telco infrastructure and so are vulnerable to Blue boxing. Blue boxing is a result of failure on the part of the system to enforce strong authorization for administrative functions. While the infrastructure is different than standard current applications like web applications, there are historical lessons to be learned to upgrade the access control for administrative functions.
  • Restful Privilege Elevation
    Rest uses standard HTTP (Get, Put, Delete) style permissions methods, but these are not necessarily correlated generally with back end programs. Strict interpretation of HTTP get methods means that these HTTP Get services should not be used to delete information on the server, but there is no access control mechanism to back up this logic. This means that unless the services are properly ACL'd and the application's service implementation are following these guidelines then an HTTP request can easily execute a delete or update on the server side. The attacker identifies a HTTP Get URL such as http://victimsite/updateOrder, which calls out to a program to update orders on a database or other resource. The URL is not idempotent so the request can be submitted multiple times by the attacker, additionally, the attacker may be able to exploit the URL published as a Get method that actually performs updates (instead of merely retrieving data). This may result in malicious or inadvertent altering of data on the server.
  • Target Programs with Elevated Privileges
    This attack targets programs running with elevated privileges. The attacker would try to leverage a bug in the running program and get arbitrary code to execute with elevated privileges. For instance an attacker would look for programs that write to the system directories or registry keys (such as HKLM, which stores a number of critical Windows environment variables). These programs are typically running with elevated privileges and have usually not been designed with security in mind. Such programs are excellent exploit targets because they yield lots of power when they break. The malicious user try to execute its code at the same level as a privileged system call.
  • Manipulating Input to File System Calls
    An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.
Access
VectorComplexityAuthentication
ADJACENT_NETWORK MEDIUM SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-3715.NASL
    description Update to the 3.2.10 stable release, which contains a number of fixes across the kernel. Fixes CVE-2012-1146 Fixes CVE-2012-1179 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58488
    published 2012-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58488
    title Fedora 15 : kernel-2.6.42.12-1.fc15 (2012-3715)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2012-0042.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : - Fix bug number for commit 'cciss: Update HPSA_BOUNDARY' (Joe Jin) [Orabug: 14681166] - cciss: Update HPSA_BOUNDARY. (Joe Jin) [Orabug: 14319765] - KVM: introduce kvm_for_each_memslot macro (Maxim Uvarov) [Bugdb: 13966] - dl2k: Clean up rio_ioctl (Jeff Mahoney) [Orabug: 14126896] (CVE-2012-2313) - NFSv4: include bitmap in nfsv4 get acl data (Andy Adamson) (CVE-2011-4131) - KVM: Fix buffer overflow in kvm_set_irq (Avi Kivity) [Bugdb: 13966] (CVE-2012-2137) - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb (Jason Wang) [Bugdb: 13966] (CVE-2012-2136) - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition (Andrea Arcangeli) [Bugdb: 13966] (CVE-2012-2373) - KVM: lock slots_lock around device assignment (Alex Williamson) [Bugdb: 13966] (CVE-2012-2121) - KVM: unmap pages from the iommu when slots are removed (Maxim Uvarov) [Bugdb: 13966] (CVE-2012-2121) - fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [Bugdb: 13966] (CVE-2012-2123) - tilegx: enable SYSCALL_WRAPPERS support (Chris Metcalf) (CVE-2009-0029) - drm/i915: fix integer overflow in i915_gem_do_execbuffer (Xi Wang) [Orabug: 14107456] (CVE-2012-2384) - drm/i915: fix integer overflow in i915_gem_execbuffer2 (Xi Wang) [Orabug: 14107445] (CVE-2012-2383) - [dm] do not forward ioctls from logical volumes to the underlying device (Joe Jin) (CVE-2011-4127) - [block] fail SCSI passthrough ioctls on partition devices (Joe Jin) (CVE-2011-4127) - [block] add and use scsi_blk_cmd_ioctl (Joe Jin) [Orabug: 14056755] (CVE-2011-4127) - KVM: Ensure all vcpus are consistent with in-kernel irqchip settings (Avi Kivity) [Bugdb: 13871] (CVE-2012-1601) - regset: Return -EFAULT, not -EIO, on host-side memory fault (H. Peter Anvin) (CVE-2012-1097) - regset: Prevent null pointer reference on readonly regsets (H. Peter Anvin) (CVE-2012-1097) - cifs: fix dentry refcount leak when opening a FIFO on lookup (Jeff Layton) (CVE-2012-1090) - mm: thp: fix pmd_bad triggering in code paths holding mmap_sem read mode (Andrea Arcangeli) (CVE-2012-1179) - ext4: fix undefined behavior in ext4_fill_flex_info (Xi Wang) (CVE-2009-4307) - ocfs2: clear unaligned io flag when dio fails (Junxiao Bi) [Orabug: 14063941] - aio: make kiocb->private NUll in init_sync_kiocb (Junxiao Bi) [Orabug: 14063941] - igb: Fix for Alt MAC Address feature on 82580 and later devices (Carolyn Wyborny) [Orabug: 14258706] - igb: Alternate MAC Address Updates for Func2&3 (Akeem G. Abodunrin) [Orabug: 14258706] - igb: Alternate MAC Address EEPROM Updates (Akeem G. Abodunrin) [Orabug: 14258706] - cciss: only enable cciss_allow_hpsa when for ol5 (Joe Jin) [Orabug: 14106006] - Revert 'cciss: remove controllers supported by hpsa' (Joe Jin) [Orabug: 14106006] - [scsi] hpsa: add all support devices for ol5 (Joe Jin) [Orabug: 14106006] - Disable VLAN 0 tagging for none VLAN traffic (Adnan Misherfi) [Orabug: 14406424] - x86: Add Xen kexec control code size check to linker script (Daniel Kiper) - drivers/xen: Export vmcoreinfo through sysfs (Daniel Kiper) - x86/xen/enlighten: Add init and crash kexec/kdump hooks (Maxim Uvarov) - x86/xen: Add kexec/kdump makefile rules (Daniel Kiper) - x86/xen: Add x86_64 kexec/kdump implementation (Daniel Kiper) - x86/xen: Add placeholder for i386 kexec/kdump implementation (Daniel Kiper) - x86/xen: Register resources required by kexec-tools (Daniel Kiper) - x86/xen: Introduce architecture dependent data for kexec/kdump (Daniel Kiper) - xen: Introduce architecture independent data for kexec/kdump (Daniel Kiper) - x86/kexec: Add extra pointers to transition page table PGD, PUD, PMD and PTE (Daniel Kiper) - kexec: introduce kexec_ops struct (Daniel Kiper) - SPEC: replace DEFAULTKERNEL from kernel-ovs to kernel-uek
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 79484
    published 2014-11-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79484
    title OracleVM 3.1 : kernel-uek (OVMSA-2012-0042)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-1042.NASL
    description Updated kernel packages that fix various security issues and three bugs are now available for Red Hat Enterprise Linux 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * It was found that the kvm_vm_ioctl_assign_device() function in the KVM (Kernel-based Virtual Machine) subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A local, unprivileged user on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing. (CVE-2011-4347, Moderate) * A flaw was found in the way the Linux kernel's XFS file system implementation handled on-disk Access Control Lists (ACLs). A local, unprivileged user could use this flaw to cause a denial of service or escalate their privileges by mounting a specially crafted disk. (CVE-2012-0038, Moderate) * It was found that the Linux kernel's register set (regset) common infrastructure implementation did not check if the required get and set handlers were initialized. A local, unprivileged user could use this flaw to cause a denial of service by performing a register set operation with a ptrace() PTRACE_SETREGSET or PTRACE_GETREGSET request. (CVE-2012-1097, Moderate) * A race condition was found in the Linux kernel's memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system. (CVE-2012-1179, Moderate) Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044; Sasha Levin for reporting CVE-2011-4347; Wang Xi for reporting CVE-2012-0038; and H. Peter Anvin for reporting CVE-2012-1097. This update also fixes the following bugs : * When a RoCE (RDMA over Converged Ethernet) adapter with active RoCE communications was taken down suddenly (either by adapter failure or the intentional shutdown of the interface), the ongoing RoCE communications could cause the kernel to panic and render the machine unusable. A patch has been provided to protect the kernel in this situation and to pass an error up to the application still using the interface after it has been taken down instead. (BZ#799944) * The fix for Red Hat Bugzilla bug 713494, released via RHSA-2011:0928, introduced a regression. Attempting to change the state of certain features, such as GRO (Generic Receive Offload) or TSO (TCP segment offloading), for a 10 Gigabit Ethernet card that is being used in a virtual LAN (VLAN) resulted in a kernel panic. (BZ#816974) * If a new file was created on a Network File System version 4 (NFSv4) share, the ownership was set to nfsnobody (-2) until it was possible to upcall to the idmapper. As a consequence, subsequent file system operations could incorrectly use '-2' for the user and group IDs for the given file, causing certain operations to fail. In reported cases, this issue also caused 'Viminfo file is not writable' errors for users running Vim with files on an NFSv4 share. (BZ#820960) Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 64044
    published 2013-01-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64044
    title RHEL 6 : kernel (RHSA-2012:1042)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0743.NASL
    description From Red Hat Security Advisory 2012:0743 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application's behavior are cleared (that is, a privileged application will not be affected by those flags). It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise Linux is made privileged via file system capabilities. (CVE-2012-2123, Important) * It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A privileged guest user in a KVM guest could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-2136, Important) * A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. (CVE-2012-2137, Important) * A race condition was found in the Linux kernel's memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system. (CVE-2012-1179, Moderate) * A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2012-2121, Moderate) * A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372, Moderate) * A race condition was found in the Linux kernel's memory management subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on 32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2373, Moderate) Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68544
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68544
    title Oracle Linux 6 : kernel (ELSA-2012-0743)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120618_KERNEL_ON_SL6_X.NASL
    description The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) - A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) - When a set user ID (setuid) application is executed, certain personality flags for controlling the application's behavior are cleared (that is, a privileged application will not be affected by those flags). It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by us for Scientific Linux is made privileged via file system capabilities. (CVE-2012-2123, Important) - It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A privileged guest user in a KVM guest could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-2136, Important) - A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. (CVE-2012-2137, Important) - A race condition was found in the Linux kernel's memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system. (CVE-2012-1179, Moderate) - A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2012-2121, Moderate) - A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372, Moderate) - A race condition was found in the Linux kernel's memory management subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on 32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2373, Moderate) This update also fixes several bugs. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61331
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61331
    title Scientific Linux Security Update : kernel on SL6.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1433-1.NASL
    description A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-4086) Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. (CVE-2011-4347) Stephan Barwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. (CVE-2012-0045) A flaw was discovered in the Linux kernel's cifs file system. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1090) H. Peter Anvin reported a flaw in the Linux kernel that could crash the system. A local user could exploit this flaw to crash the system. (CVE-2012-1097) A flaw was discovered in the Linux kernel's cgroups subset. A local attacker could use this flaw to crash the system. (CVE-2012-1146) A flaw was found in the Linux kernel's handling of paged memory. A local unprivileged user, or a privileged user within a KVM guest, could exploit this flaw to crash the system. (CVE-2012-1179) Tetsuo Handa reported a flaw in the OOM (out of memory) killer of the Linux kernel. A local unprivileged user can exploit this flaw to cause system unstability and denial of services. (CVE-2012-4398). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 58947
    published 2012-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58947
    title Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1433-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-2020.NASL
    description Description of changes: * CVE-2012-2123: Privilege escalation when assigning permissions using fcaps. If a process increases permissions using fcaps, all of the dangerous personality flags which are cleared for suid apps are not cleared. This has allowed programs that gained elevated permissions using fcaps to disable the address space randomization of other processes. * CVE-2012-2121: Memory leak in KVM device assignment. KVM uses memory slots to track and map guest regions of memory. When device assignment is used, the pages backing these slots are pinned in memory and mapped into the iommu. The problem is that when a memory slot is destroyed the pages for the associated memory slot are neither unpinned nor unmapped from the iommu. * Memory corruption in KVM device assignment slot handling. A race condition in the KVM device assignment slot handling caused by missing locks around the unmapping of memory slots could cause a memory corruption. * CVE-2012-2136: Privilege escalation in TUN/TAP virtual device. The length of packet fragments to be sent wasn't validated before use, leading to heap overflow. A user having access to TUN/TAP virtual device could use this flaw to crash the system or to potentially escalate their privileges. * CVE-2012-2137: Buffer overflow in KVM MSI routing entry handler. A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. * CVE-2012-1179 and CVE-2012-2373: Hugepage denial of service. CVE-2012-1179: Denial of service in page mapping of the hugepage subsystem. In some cases, the hugepage subsystem would allocate new PMDs when not expected by the memory management subsystem. A privileged user in the KVM guest can use this flaw to crash the host, an unprivileged local user could use this flaw to crash the system. CVE-2012-2373: Denial of service in PAE page tables. On a PAE system, a non-atomic load could be corrupted by a page fault resulting in a kernel crash, triggerable by an unprivileged user. * Regression in handling of bind() with AF_UNSPEC family sockets. Legacy applications used to bind() with AF_UNSPEC instead of AF_INET. Allow them to continue doing so, but verify that the address is indeed INADDR_ANY. kernel-uek: [2.6.32-300.27.1.el6uek] - net: sock: validate data_len before allocating skb (Jason Wang) [Bugdb: 13966]{CVE-2012-2136} - fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [Bugdb: 13966] {CVE-2012-2123} - Revert 'nfs: when attempting to open a directory, fall back on normal lookup (Todd Vierling) [Orabug 14141154] [2.6.32-300.26.1.el6uek] - mptsas: do not call __mptsas_probe in kthread (Maxim Uvarov) [Orabug: 14175509] - mm: check if any page in a pageblock is reserved before marking it MIGRATE_RESERVE (Maxim Uvarov) [Orabug: 14073214] - mm: reduce the amount of work done when updating min_free_kbytes (Mel Gorman) [Orabug: 14073214] - vmxnet3: Updated to el6-u2 (Guangyu Sun) [Orabug: 14027961] - xen: expose host uuid via sysfs. (Zhigang Wang) - sched: Fix cgroup movement of waking process (Daisuke Nishimura) [Orabug: 13946210] - sched: Fix cgroup movement of newly created process (Daisuke Nishimura) [Orabug: 13946210] - sched: Fix cgroup movement of forking process (Daisuke Nishimura) [Orabug: 13946210] - x86, boot: Wait for boot cpu to show up if nr_cpus limit is about to hit (Zhenzhong Duan) [Orabug: 13629087] - smp: Use nr_cpus= to set nr_cpu_ids early (Zhenzhong Duan) [Orabug: 13629087] - net: ipv4: relax AF_INET check in bind() (Maxim Uvarov) [Orabug: 14054411] ofa-2.6.32-300.27.1.el6uek: [1.5.1-4.0.58] - Add Patch 158-169
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 68675
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68675
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2020)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0743.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application's behavior are cleared (that is, a privileged application will not be affected by those flags). It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise Linux is made privileged via file system capabilities. (CVE-2012-2123, Important) * It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A privileged guest user in a KVM guest could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-2136, Important) * A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. (CVE-2012-2137, Important) * A race condition was found in the Linux kernel's memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system. (CVE-2012-1179, Moderate) * A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2012-2121, Moderate) * A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372, Moderate) * A race condition was found in the Linux kernel's memory management subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on 32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2373, Moderate) Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59609
    published 2012-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59609
    title CentOS 6 : kernel (CESA-2012:0743)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-2021.NASL
    description Description of changes: * CVE-2012-2123: Privilege escalation when assigning permissions using fcaps. If a process increases permissions using fcaps, all of the dangerous personality flags which are cleared for suid apps are not cleared. This has allowed programs that gained elevated permissions using fcaps to disable the address space randomization of other processes. * CVE-2012-2121: Memory leak in KVM device assignment. KVM uses memory slots to track and map guest regions of memory. When device assignment is used, the pages backing these slots are pinned in memory and mapped into the iommu. The problem is that when a memory slot is destroyed the pages for the associated memory slot are neither unpinned nor unmapped from the iommu. * Memory corruption in KVM device assignment slot handling. A race condition in the KVM device assignment slot handling caused by missing locks around the unmapping of memory slots could cause a memory corruption. * CVE-2012-2136: Privilege escalation in TUN/TAP virtual device. The length of packet fragments to be sent wasn't validated before use, leading to heap overflow. A user having access to TUN/TAP virtual device could use this flaw to crash the system or to potentially escalate their privileges. * CVE-2012-2137: Buffer overflow in KVM MSI routing entry handler. A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. * CVE-2012-1179 and CVE-2012-2373: Hugepage denial of service. CVE-2012-1179: Denial of service in page mapping of the hugepage subsystem. In some cases, the hugepage subsystem would allocate new PMDs when not expected by the memory management subsystem. A privileged user in the KVM guest can use this flaw to crash the host, an unprivileged local user could use this flaw to crash the system. CVE-2012-2373: Denial of service in PAE page tables. On a PAE system, a non-atomic load could be corrupted by a page fault resulting in a kernel crash, triggerable by an unprivileged user. * Regression in handling of bind() with AF_UNSPEC family sockets. Legacy applications used to bind() with AF_UNSPEC instead of AF_INET. Allow them to continue doing so, but verify that the address is indeed INADDR_ANY. [2.6.39-100.10.1.el6uek] - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (Andrea Arcangeli) [Orabug: 14217003] [2.6.39-100.9.1.el6uek] - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition (Andrea Arcangeli) [Bugdb: 13966] {CVE-2012-2373} - mm: thp: fix pmd_bad() triggering in code paths holding mmap_sem read mode (Andrea Arcangeli) {CVE-2012-1179} - KVM: Fix buffer overflow in kvm_set_irq() (Avi Kivity) [Bugdb: 13966] {CVE-2012-2137} - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (Jason Wang) [Bugdb: 13966] {CVE-2012-2136} - KVM: lock slots_lock around device assignment (Alex Williamson) [Bugdb: 13966] {CVE-2012-2121} - KVM: unmap pages from the iommu when slots are removed (Alex Williamson) [Bugdb: 13966] {CVE-2012-2121} - KVM: introduce kvm_for_each_memslot macro (Xiao Guangrong) [Bugdb: 13966] - fcaps: clear the same personality flags as suid when fcaps are used (Eric Paris) [Bugdb: 13966] {CVE-2012-2123} [2.6.39-100.8.1.el6uek] - net: ipv4: relax AF_INET check in bind() (Eric Dumazet) [Orabug: 14054411]
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 68676
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68676
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2012-2021)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-3712.NASL
    description Update to the 3.2.10 stable release, which contains a number of fixes across the kernel. Fixes CVE-2012-1146 Fixes CVE-2012-1179 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58376
    published 2012-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58376
    title Fedora 16 : kernel-3.2.10-3.fc16 (2012-3712)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0743.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application's behavior are cleared (that is, a privileged application will not be affected by those flags). It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise Linux is made privileged via file system capabilities. (CVE-2012-2123, Important) * It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A privileged guest user in a KVM guest could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-2136, Important) * A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. (CVE-2012-2137, Important) * A race condition was found in the Linux kernel's memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system. (CVE-2012-1179, Moderate) * A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2012-2121, Moderate) * A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372, Moderate) * A race condition was found in the Linux kernel's memory management subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on 32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2373, Moderate) Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 59562
    published 2012-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59562
    title RHEL 6 : kernel (RHSA-2012:0743)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1431-1.NASL
    description A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-4086) Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. (CVE-2011-4347) Stephan Barwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service. (CVE-2012-0045) A flaw was discovered in the Linux kernel's cifs file system. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1090) H. Peter Anvin reported a flaw in the Linux kernel that could crash the system. A local user could exploit this flaw to crash the system. (CVE-2012-1097) A flaw was discovered in the Linux kernel's cgroups subset. A local attacker could use this flaw to crash the system. (CVE-2012-1146) A flaw was found in the Linux kernel's handling of paged memory. A local unprivileged user, or a privileged user within a KVM guest, could exploit this flaw to crash the system. (CVE-2012-1179) Tetsuo Handa reported a flaw in the OOM (out of memory) killer of the Linux kernel. A local unprivileged user can exploit this flaw to cause system unstability and denial of services. (CVE-2012-4398). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 58946
    published 2012-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58946
    title Ubuntu 11.10 : linux vulnerabilities (USN-1431-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-120418.NASL
    description The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.26, which fixes a lot of bugs and security issues. The following security issues have been fixed : - A locking problem in transparent hugepage support could be used by local attackers to potentially crash the host, or via kvm a privileged guest user could crash the kvm host system. (CVE-2012-1179) - A potential hypervisor escape by issuing SG_IO commands to partitiondevices was fixed by restricting access to these commands. (CVE-2011-4127) - A local attacker could oops the kernel using memory control groups and eventfds. (CVE-2012-1146) - Limit the path length users can build using epoll() to avoid local attackers consuming lots of kernel CPU time. (CVE-2011-1083) - The regset common infrastructure assumed that regsets would always have .get and .set methods, but necessarily .active methods. Unfortunately people have since written regsets without .set method, so NULL pointer dereference attacks were possible. (CVE-2012-1097) - Access to the /proc/pid/taskstats file requires root access to avoid side channel (timing keypresses etc.) attacks on other users. (CVE-2011-2494) - Fixed a oops in jbd/jbd2 that could be caused by specific filesystem access patterns. (CVE-2011-4086) - A malicious NFSv4 server could have caused a oops in the nfsv4 acl handling. (CVE-2011-4131) - Fixed a oops in jbd/jbd2 that could be caused by mounting a malicious prepared filesystem. (Also included are all fixes from the 3.0.14 -> 3.0.25 stable kernel updates.). (CVE-2011-4132) The following non-security issues have been fixed : EFI : - efivars: add missing parameter to efi_pstore_read(). BTRFS : - add a few error cleanups. - btrfs: handle errors when excluding super extents (FATE#306586 bnc#751015). - btrfs: Fix missing goto in btrfs_ioctl_clone. - btrfs: Fixed mishandled -EAGAIN error case from btrfs_split_item. (bnc#750459) - btrfs: disallow unequal data/metadata blocksize for mixed block groups (FATE#306586). - btrfs: enhance superblock sanity checks (FATE#306586 bnc#749651). - btrfs: update message levels (FATE#306586). - btrfs 3.3-rc6 updates : - avoid setting ->d_op twice (FATE#306586 bnc#731387). - btrfs: fix wrong information of the directory in the snapshot (FATE#306586). - btrfs: fix race in reada (FATE#306586). - btrfs: do not add both copies of DUP to reada extent tree (FATE#306586). - btrfs: stop silently switching single chunks to raid0 on balance (FATE#306586). - btrfs: fix locking issues in find_parent_nodes() (FATE#306586). - btrfs: fix casting error in scrub reada code (FATE#306586). - btrfs sync with upstream up to 3.3-rc5 (FATE#306586) - btrfs: Sector Size check during Mount - btrfs: avoid positive number with ERR_PTR - btrfs: return the internal error unchanged if btrfs_get_extent_fiemap() call failed for SEEK_DATA/SEEK_HOLE inquiry. - btrfs: fix trim 0 bytes after a device delete - btrfs: do not check DUP chunks twice - btrfs: fix memory leak in load_free_space_cache() - btrfs: delalloc for page dirtied out-of-band in fixup worker - btrfs: fix structs where bitfields and spinlock/atomic share 8B word. - btrfs: silence warning in raid array setup. - btrfs: honor umask when creating subvol root. - btrfs: fix return value check of extent_io_ops. - btrfs: fix deadlock on page lock when doing auto-defragment. - btrfs: check return value of lookup_extent_mapping() correctly. - btrfs: skip states when they does not contain bits to clear. - btrfs: kick out redundant stuff in convert_extent_bit. - btrfs: fix a bug on overcommit stuff. - btrfs: be less strict on finding next node in clear_extent_bit. - btrfs: improve error handling for btrfs_insert_dir_item callers. - btrfs: make sure we update latest_bdev. - btrfs: add extra sanity checks on the path names in btrfs_mksubvol. - btrfs: clear the extent uptodate bits during parent transid failures. - btrfs: increase the global block reserve estimates. - btrfs: fix compiler warnings on 32 bit systems. - Clean up unused code, fix use of error-indicated pointer in transaction teardown. (bnc#748854) - btrfs: fix return value check of extent_io_ops. - btrfs: fix deadlock on page lock when doing auto-defragment. - btrfs: check return value of lookup_extent_mapping() correctly. - btrfs: skip states when they does not contain bits to clear. - btrfs: kick out redundant stuff in convert_extent_bit. - btrfs: fix a bug on overcommit stuff. - btrfs: be less strict on finding next node in clear_extent_bit. - btrfs: do not reserve data with extents locked in btrfs_fallocate. - btrfs: avoid positive number with ERR_PTR. - btrfs: return the internal error unchanged if btrfs_get_extent_fiemap() call failed for SEEK_DATA/SEEK_HOLE inquiry. - btrfs: fix trim 0 bytes after a device delete. - btrfs: do not check DUP chunks twice. - btrfs: fix memory leak in load_free_space_cache(). - btrfs: fix permissions of new subvolume. (bnc#746373) - btrfs: set ioprio of scrub readahead to idle. - fix logic in condition in BTRFS_FEATURE_INCOMPAT_MIXED_GROUPS - fix incorrect exclusion of superblock from blockgroups. (bnc#751743) - patches.suse/btrfs-8059-handle-errors-when-excluding-sup er-extents.patch: fix incorrect default value. - fix aio/dio bio refcounting bnc#718918. - btrfs: fix locking issues in find_parent_nodes() - Btrfs: fix casting error in scrub reada code - patches.suse/btrfs-8059-handle-errors-when-excluding-sup er-extents.patch: Fix uninitialized variable. - btrfs: handle errors from read_tree_block. (bnc#748632) - btrfs: push-up errors from btrfs_num_copies. (bnc#748632) - patches.suse/btrfs-8059-handle-errors-when-excluding-sup er-extents.patch: disable due to potential corruptions (bnc#751743) XFS : - XFS read/write calls do not generate DMAPI events. (bnc#751885) - xfs/dmapi: Remove cached vfsmount. (bnc#749417) - xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#716850). NFS : - nfs: Do not allow multiple mounts on same mountpoint when using -o noac. (bnc#745422) - lockd: fix arg parsing for grace_period and timeout (bnc#733761). MD : - raid10: Disable recovery when recovery cannot proceed. (bnc#751171) - md/bitmap: ensure to load bitmap when creating via sysfs. - md: do not set md arrays to readonly on shutdown. (bnc#740180, bnc#713148, bnc#734900) - md: allow last device to be forcibly removed from RAID1/RAID10. (bnc#746717) - md: allow re-add to failed arrays. (bnc#746717) - md: Correctly handle read failure from last working device in RAID10. (bnc#746717) - patches.suse/0003-md-raid1-add-failfast-handling-for-wri tes.patch: Refresh to not crash when handling write error on FailFast devices. bnc#747159 - md/raid10: Fix kernel oops during drive failure. (bnc#750995) - patches.suse/md-re-add-to-failed: Update references. (bnc#746717) - md/raid10: handle merge_bvec_fn in member devices. - md/raid10 - support resizing some RAID10 arrays. Hyper-V : - update hyperv drivers to 3.3-rc7 and move them out of staging: hv_timesource -> merged into core kernel hv_vmbus -> drivers/hv/hv_vmbus hv_utils -> drivers/hv/hv_utils hv_storvsc -> drivers/scsi/hv_storvsc hv_netvsc -> drivers/net/hyperv/hv_netvsc hv_mousevsc -> drivers/hid/hid-hyperv add compat modalias for hv_mousevsc update supported.conf rename all 333 patches, use msft-hv- and suse-hv- as prefix - net/hyperv: Use netif_tx_disable() instead of netif_stop_queue() when necessary. - net/hyperv: rx_bytes should account the ether header size. - net/hyperv: fix the issue that large packets be dropped under bridge. - net/hyperv: Fix the page buffer when an RNDIS message goes beyond page boundary. - net/hyperv: fix erroneous NETDEV_TX_BUSY use. SCSI : - sd: mark busy sd majors as allocated (bug#744658). - st: expand tape driver ability to write immediate filemarks. (bnc#688996) - scsi scan: do not fail scans when host is in recovery (bnc#747867). S/390 : - dasd: Implement block timeout handling. (bnc#746717) - callhome: fix broken proc interface and activate compid (bnc#748862,LTC#79115). - ctcmpc: use correct idal word list for ctcmpc (bnc#750173,LTC#79264). - Fix recovery in case of concurrent asynchronous deliveries (bnc#748629,LTC#78309). - kernel: 3215 console deadlock (bnc#748629,LTC#78612). - qeth: synchronize discipline module loading (bnc#748629,LTC#78788). - memory hotplug: prevent memory zone interleave (bnc#748629,LTC#79113). - dasd: fix fixpoint divide exception in define_extent (bnc#748629,LTC#79125). - kernel: incorrect kernel message tags (bnc#744795,LTC#78356). - lcs: lcs offline failure (bnc#752484,LTC#79788). - qeth: add missing wake_up call (bnc#752484,LTC#79899). - dasd: Terminate inactive cqrs correctly. (bnc#750995) - dasd: detailed I/O errors. (bnc#746717) - patches.suse/dasd-blk-timeout.patch: Only activate blk_timeout for failfast requests (bnc#753617). ALSA : - ALSA: hda - Set codec to D3 forcibly even if not used. (bnc#750426) - ALSA: hda - Add Realtek ALC269VC codec support. (bnc#748827) - ALSA: hda/realtek - Apply the coef-setup only to ALC269VB. (bnc#748827) - ALSA: pcm - Export snd_pcm_lib_default_mmap() helper. (bnc#748384,bnc#738597) - ALSA: hda - Add snoop option. (bnc#748384,bnc#738597) - ALSA: HDA: Add support for new AMD products. (bnc#748384,bnc#738597) - ALSA: hda - Fix audio playback support on HP Zephyr system. (bnc#749787) - ALSA: hda - Fix mute-LED VREF value for new HP laptops (bnc#745741). EXT3 : - enable patches.suse/ext3-increase-reservation-window.patch. DRM : - drm/i915: Force explicit bpp selection for intel_dp_link_required. (bnc#749980) - drm/i915/dp: Dither down to 6bpc if it makes the mode fit. (bnc#749980) - drm/i915/dp: Read more DPCD registers on connection probe. (bnc#749980) - drm/i915: fixup interlaced bits clearing in PIPECONF on PCH_SPLIT. (bnc#749980) - drm/i915: read full receiver capability field during DP hot plug. (bnc#749980) - drm/intel: Fix initialization if startup happens in interlaced mode [v2]. (bnc#749980) - drm/i915 IVY/SNB fix patches from upstream 3.3-rc5 & rc6: patches.drivers/drm-i915-Prevent-a-machine-hang-by-check ing-crtc-act, patches.drivers/drm-i915-do-not-enable-RC6p-on-Sandy-Bri dge, patches.drivers/drm-i915-fix-operator-precedence-when-en abling-RC6p, patches.drivers/drm-i915-gen7-Disable-the-RHWO-optimizat ion-as-it-ca, patches.drivers/drm-i915-gen7-Implement-an-L3-caching-wo rkaround, patches.drivers/drm-i915-gen7-implement-rczunit-workarou nd, patches.drivers/drm-i915-gen7-work-around-a-system-hang- on-IVB - drm/i915: Clear the TV sense state bits on cantiga to make TV detection reliable. (bnc#750041) - drm/i915: Do not write DSPSURF for old chips. (bnc#747071) - drm: Do not delete DPLL Multiplier during DAC init. (bnc#728840) - drm: Set depth on low mem Radeon cards to 16 instead of 8. (bnc#746883) - patches.drivers/drm-i915-set-AUD_CONFIG_N_index-for-DP: Refresh. Updated the patch from the upstream. (bnc#722560) - Add a few missing drm/i915 fixes from upstream 3.2 kernel (bnc#744392) : - drm/i915: Sanitize BIOS debugging bits from PIPECONF. (bnc#751916) - drm/i915: Add lvds_channel module option. (bnc#739837) - drm/i915: Check VBIOS value for determining LVDS dual channel mode, too. (bnc#739837) - agp: fix scratch page cleanup. (bnc#738679) - drm/i915: suspend fbdev device around suspend/hibernate (bnc#732908). ACPI : - supported.conf: Add acpi_ipmi as supported (bnc#716971). MM : - cpusets: avoid looping when storing to mems_allowed if one. - cpusets: avoid stall when updating mems_allowed for mempolicy. - cpuset: mm: Reduce large amounts of memory barrier related slowdown. - mm: make swapin readahead skip over holes. - mm: allow PF_MEMALLOC from softirq context. - mm: Ensure processes do not remain throttled under memory pressure. (Swap over NFS (fate#304949, bnc#747944). - mm: Allow sparsemem usemap allocations for very large NUMA nodes. (bnc#749049) - backing-dev: fix wakeup timer races with bdi_unregister(). (bnc#741824) - readahead: fix pipeline break caused by block plug. (bnc#746454) - Fix uninitialised variable warning and obey the [get|put]_mems_allowed API. CIFS : - cifs: fix dentry refcount leak when opening a FIFO on lookup (CVE-2012-1090 / bnc#749569). USB : - xhci: Fix encoding for HS bulk/control NAK rate. (bnc#750402) - USB: Fix handoff when BIOS disables host PCI device. (bnc#747878) - USB: Do not fail USB3 probe on missing legacy PCI IRQ. (bnc#749543) - USB: Adding #define in hub_configure() and hcd.c file. (bnc#714604) - USB: remove BKL comments. (bnc#714604) - xHCI: Adding #define values used for hub descriptor. (bnc#714604) - xHCI: Kick khubd when USB3 resume really completes. (bnc#714604) - xhci: Fix oops caused by more USB2 ports than USB3 ports. (bnc#714604) - USB/xhci: Enable remote wakeup for USB3 devices. (bnc#714604) - USB: Suspend functions before putting dev into U3. (bnc#714604) - USB/xHCI: Enable USB 3.0 hub remote wakeup. (bnc#714604) - USB: Refactor hub remote wake handling. (bnc#714604) - USB/xHCI: Support device-initiated USB 3.0 resume. (bnc#714604) - USB: Set wakeup bits for all children hubs. (bnc#714604) - USB: Turn on auto-suspend for USB 3.0 hubs. (bnc#714604) - USB: Set hub depth after USB3 hub reset. (bnc#749115) - xhci: Fix USB 3.0 device restart on resume. (bnc#745867) - xhci: Remove scary warnings about transfer issues. (bnc#745867) - xhci: Remove warnings about MSI and MSI-X capabilities (bnc#745867). Other : - PCI / PCIe: Introduce command line option to disable ARI. (bnc#742845) - PCI: Set device power state to PCI_D0 for device without native PM support (bnc#752972). X86 : - x86/UV: Lower UV rtc clocksource rating. (bnc#748456) - x86, mce, therm_throt: Do not report power limit and package level thermal throttle events in mcelog. (bnc#745876) - x86: Unlock nmi lock after kdb_ipi call. (bnc#745424) - x86, tsc: Fix SMI induced variation in quick_pit_calibrate(). (bnc#751322) XEN : - Update Xen patches to 3.0.22. - xenbus_dev: add missing error checks to watch handling. - drivers/xen/: use strlcpy() instead of strncpy(). - xenoprof: backward compatibility for changed XENOPROF_ESCAPE_CODE. - blkfront: properly fail packet requests. (bnc#745929) - Refresh other Xen patches. (bnc#732070, bnc#742871) - xenbus: do not free other end details too early. - blkback: also call blkif_disconnect() when frontend switched to closed. - gnttab: add deferred freeing logic. - blkback: failure to write 'feature-barrier' node is non-fatal. Infiniband : - RDMA/cxgb4: Make sure flush CQ entries are collected on connection close. (bnc#721587) - RDMA/cxgb4: Serialize calls to CQs comp_handler. (bnc#721587) - mlx4_en: Assigning TX irq per ring (bnc#624072). Bluetooth : - Bluetooth: Add Atheros AR3012 Maryann PID/VID supported in ath3k. (bnc#732296) - Bluetooth: btusb: fix bInterval for high/super speed isochronous endpoints (bnc#754052). SCTP : - dlm: Do not allocate a fd for peeloff. (bnc#729247) - sctp: Export sctp_do_peeloff (bnc#729247). Other : - qlge: Removing needless prints which are not. (bnc#718863) - ibft: Fix finding IBFT ACPI table on UEFI. (bnc#746579) - proc: Consider NO_HZ when printing idle and iowait times. (bnc#705551) - procfs: do not confuse jiffies with cputime64_t. (bnc#705551) - procfs: do not overflow get_{idle,iowait}_time for nohz. (bnc#705551) - bfa: Do not return DID_ABORT on failure. (bnc#745400) - epoll: Do not limit non-nested epoll paths. (bnc#676204) - Bridge: Always send NETDEV_CHANGEADDR up on br MAC change. (bnc#752408) - hp_accel: Ignore the error from lis3lv02d_poweron() at resume. (bnc#751903) - watchdog: make sure the watchdog thread gets CPU on loaded system. (bnc#738583)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 58845
    published 2012-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58845
    title SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172)
redhat via4
advisories
rhsa
id RHSA-2012:0743
rpms
  • kernel-0:2.6.32-220.23.1.el6
  • kernel-bootwrapper-0:2.6.32-220.23.1.el6
  • kernel-debug-0:2.6.32-220.23.1.el6
  • kernel-debug-devel-0:2.6.32-220.23.1.el6
  • kernel-devel-0:2.6.32-220.23.1.el6
  • kernel-doc-0:2.6.32-220.23.1.el6
  • kernel-firmware-0:2.6.32-220.23.1.el6
  • kernel-headers-0:2.6.32-220.23.1.el6
  • kernel-kdump-0:2.6.32-220.23.1.el6
  • kernel-kdump-devel-0:2.6.32-220.23.1.el6
  • perf-0:2.6.32-220.23.1.el6
  • python-perf-0:2.6.32-220.23.1.el6
refmap via4
confirm
fedora FEDORA-2012-3712
hp HPSBGN02970
mlist [oss-security] 20120315 CVE-2012-1179 kernel: thp: __split_huge_page() mapcount != page_mapcount BUG_ON()
sectrack 1027084
secunia
  • 48404
  • 48898
suse SUSE-SU-2012:0554
Last major update 22-08-2016 - 22:05
Published 17-05-2012 - 07:00
Last modified 28-12-2017 - 21:29
Back to Top