ID CVE-2013-6378
Summary The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation.
References
Vulnerable Configurations
  • Linux Kernel 3.12.1
    cpe:2.3:o:linux:linux_kernel:3.12.1
  • Linux Kernel 3.12
    cpe:2.3:o:linux:linux_kernel:3.12
  • Linux Kernel 3.11.7
    cpe:2.3:o:linux:linux_kernel:3.11.7
  • Linux Kernel 3.10.18
    cpe:2.3:o:linux:linux_kernel:3.10.18
  • Linux Kernel 3.10.17
    cpe:2.3:o:linux:linux_kernel:3.10.17
  • Linux Kernel 3.10.16
    cpe:2.3:o:linux:linux_kernel:3.10.16
  • Linux Kernel 3.10.15
    cpe:2.3:o:linux:linux_kernel:3.10.15
  • Linux Kernel 3.10.14
    cpe:2.3:o:linux:linux_kernel:3.10.14
  • Linux Kernel 3.10.13
    cpe:2.3:o:linux:linux_kernel:3.10.13
  • Linux Kernel 3.10.1
    cpe:2.3:o:linux:linux_kernel:3.10.1
  • Linux Kernel 3.10.10
    cpe:2.3:o:linux:linux_kernel:3.10.10
  • Linux Kernel 3.10.11
    cpe:2.3:o:linux:linux_kernel:3.10.11
  • Linux Kernel 3.10.2
    cpe:2.3:o:linux:linux_kernel:3.10.12
  • Linux Kernel 3.10.2
    cpe:2.3:o:linux:linux_kernel:3.10.2
  • Linux Kernel 3.10.3
    cpe:2.3:o:linux:linux_kernel:3.10.3
  • Linux Kernel 3.10.4
    cpe:2.3:o:linux:linux_kernel:3.10.4
  • Linux Kernel 3.10.5
    cpe:2.3:o:linux:linux_kernel:3.10.5
  • Linux Kernel 3.10.6
    cpe:2.3:o:linux:linux_kernel:3.10.6
  • Linux Kernel 3.10.7
    cpe:2.3:o:linux:linux_kernel:3.10.7
  • Linux Kernel 3.10.8
    cpe:2.3:o:linux:linux_kernel:3.10.8
  • Linux Kernel 3.10.9
    cpe:2.3:o:linux:linux_kernel:3.10.9
  • Linux Kernel 3.11
    cpe:2.3:o:linux:linux_kernel:3.11
  • Linux Kernel 3.11.1
    cpe:2.3:o:linux:linux_kernel:3.11.1
  • Linux Kernel 3.11.2
    cpe:2.3:o:linux:linux_kernel:3.11.2
  • Linux Kernel 3.11.3
    cpe:2.3:o:linux:linux_kernel:3.11.3
  • Linux Kernel 3.11.4
    cpe:2.3:o:linux:linux_kernel:3.11.4
  • Linux Kernel 3.11.5
    cpe:2.3:o:linux:linux_kernel:3.11.5
  • Linux Kernel 3.11.6
    cpe:2.3:o:linux:linux_kernel:3.11.6
  • Linux Kernel 3.0 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.0:rc1
  • Linux Kernel 3.0 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.0:rc2
  • Linux Kernel 3.0 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.0:rc3
  • Linux Kernel 3.0 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.0:rc4
  • Linux Kernel 3.0 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.0:rc5
  • Linux Kernel 3.0 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.0:rc6
  • Linux Kernel 3.0 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.0:rc7
  • Linux Kernel 3.0.1
    cpe:2.3:o:linux:linux_kernel:3.0.1
  • Linux Kernel 3.0.10
    cpe:2.3:o:linux:linux_kernel:3.0.10
  • Linux Kernel 3.0.11
    cpe:2.3:o:linux:linux_kernel:3.0.11
  • Linux Kernel 3.0.12
    cpe:2.3:o:linux:linux_kernel:3.0.12
  • Linux Kernel 3.0.13
    cpe:2.3:o:linux:linux_kernel:3.0.13
  • Linux Kernel 3.0.14
    cpe:2.3:o:linux:linux_kernel:3.0.14
  • Linux Kernel 3.0.15
    cpe:2.3:o:linux:linux_kernel:3.0.15
  • Linux Kernel 3.0.16
    cpe:2.3:o:linux:linux_kernel:3.0.16
  • Linux Kernel 3.0.17
    cpe:2.3:o:linux:linux_kernel:3.0.17
  • Linux Kernel 3.0.18
    cpe:2.3:o:linux:linux_kernel:3.0.18
  • Linux Kernel 3.0.19
    cpe:2.3:o:linux:linux_kernel:3.0.19
  • Linux Kernel 3.0.2
    cpe:2.3:o:linux:linux_kernel:3.0.2
  • Linux Kernel 3.0.20
    cpe:2.3:o:linux:linux_kernel:3.0.20
  • Linux Kernel 3.0.21
    cpe:2.3:o:linux:linux_kernel:3.0.21
  • Linux Kernel 3.0.22
    cpe:2.3:o:linux:linux_kernel:3.0.22
  • Linux Kernel 3.0.23
    cpe:2.3:o:linux:linux_kernel:3.0.23
  • Linux Kernel 3.0.24
    cpe:2.3:o:linux:linux_kernel:3.0.24
  • Linux Kernel 3.0.25
    cpe:2.3:o:linux:linux_kernel:3.0.25
  • Linux Kernel 3.0.26
    cpe:2.3:o:linux:linux_kernel:3.0.26
  • Linux Kernel 3.0.27
    cpe:2.3:o:linux:linux_kernel:3.0.27
  • Linux Kernel 3.0.28
    cpe:2.3:o:linux:linux_kernel:3.0.28
  • Linux Kernel 3.0.29
    cpe:2.3:o:linux:linux_kernel:3.0.29
  • Linux Kernel 3.0.3
    cpe:2.3:o:linux:linux_kernel:3.0.3
  • Linux Kernel 3.0.30
    cpe:2.3:o:linux:linux_kernel:3.0.30
  • Linux Kernel 3.0.31
    cpe:2.3:o:linux:linux_kernel:3.0.31
  • Linux Kernel 3.0.32
    cpe:2.3:o:linux:linux_kernel:3.0.32
  • Linux Kernel 3.0.33
    cpe:2.3:o:linux:linux_kernel:3.0.33
  • Linux Kernel 3.0.34
    cpe:2.3:o:linux:linux_kernel:3.0.34
  • Linux Kernel 3.0.35
    cpe:2.3:o:linux:linux_kernel:3.0.35
  • Linux Kernel 3.0.36
    cpe:2.3:o:linux:linux_kernel:3.0.36
  • Linux Kernel 3.0.37
    cpe:2.3:o:linux:linux_kernel:3.0.37
  • Linux Kernel 3.0.38
    cpe:2.3:o:linux:linux_kernel:3.0.38
  • Linux Kernel 3.0.39
    cpe:2.3:o:linux:linux_kernel:3.0.39
  • Linux Kernel 3.0.4
    cpe:2.3:o:linux:linux_kernel:3.0.4
  • Linux Kernel 3.0.40
    cpe:2.3:o:linux:linux_kernel:3.0.40
  • Linux Kernel 3.0.41
    cpe:2.3:o:linux:linux_kernel:3.0.41
  • Linux Kernel 3.0.42
    cpe:2.3:o:linux:linux_kernel:3.0.42
  • Linux Kernel 3.0.43
    cpe:2.3:o:linux:linux_kernel:3.0.43
  • Linux Kernel 3.0.44
    cpe:2.3:o:linux:linux_kernel:3.0.44
  • Linux Kernel 3.0.45
    cpe:2.3:o:linux:linux_kernel:3.0.45
  • Linux Kernel 3.0.46
    cpe:2.3:o:linux:linux_kernel:3.0.46
  • Linux Kernel 3.0.47
    cpe:2.3:o:linux:linux_kernel:3.0.47
  • Linux Kernel 3.0.48
    cpe:2.3:o:linux:linux_kernel:3.0.48
  • Linux Kernel 3.0.49
    cpe:2.3:o:linux:linux_kernel:3.0.49
  • Linux Kernel 3.0.5
    cpe:2.3:o:linux:linux_kernel:3.0.5
  • Linux Kernel 3.0.50
    cpe:2.3:o:linux:linux_kernel:3.0.50
  • Linux Kernel 3.0.51
    cpe:2.3:o:linux:linux_kernel:3.0.51
  • Linux Kernel 3.0.52
    cpe:2.3:o:linux:linux_kernel:3.0.52
  • Linux Kernel 3.0.53
    cpe:2.3:o:linux:linux_kernel:3.0.53
  • Linux Kernel 3.0.54
    cpe:2.3:o:linux:linux_kernel:3.0.54
  • Linux Kernel 3.0.55
    cpe:2.3:o:linux:linux_kernel:3.0.55
  • Linux Kernel 3.0.56
    cpe:2.3:o:linux:linux_kernel:3.0.56
  • Linux Kernel 3.0.57
    cpe:2.3:o:linux:linux_kernel:3.0.57
  • Linux Kernel 3.0.58
    cpe:2.3:o:linux:linux_kernel:3.0.58
  • Linux Kernel 3.0.59
    cpe:2.3:o:linux:linux_kernel:3.0.59
  • Linux Kernel 3.0.6
    cpe:2.3:o:linux:linux_kernel:3.0.6
  • Linux Kernel 3.0.60
    cpe:2.3:o:linux:linux_kernel:3.0.60
  • Linux Kernel 3.0.61
    cpe:2.3:o:linux:linux_kernel:3.0.61
  • Linux Kernel 3.0.62
    cpe:2.3:o:linux:linux_kernel:3.0.62
  • Linux Kernel 3.0.63
    cpe:2.3:o:linux:linux_kernel:3.0.63
  • Linux Kernel 3.0.64
    cpe:2.3:o:linux:linux_kernel:3.0.64
  • Linux Kernel 3.0.65
    cpe:2.3:o:linux:linux_kernel:3.0.65
  • Linux Kernel 3.0.66
    cpe:2.3:o:linux:linux_kernel:3.0.66
  • Linux Kernel 3.0.67
    cpe:2.3:o:linux:linux_kernel:3.0.67
  • Linux Kernel 3.0.68
    cpe:2.3:o:linux:linux_kernel:3.0.68
  • Linux Kernel 3.0.7
    cpe:2.3:o:linux:linux_kernel:3.0.7
  • Linux Kernel 3.0.8
    cpe:2.3:o:linux:linux_kernel:3.0.8
  • Linux Kernel 3.0.9
    cpe:2.3:o:linux:linux_kernel:3.0.9
  • Linux Kernel 3.1
    cpe:2.3:o:linux:linux_kernel:3.1
  • Linux Kernel 3.1 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.1:rc1
  • Linux Kernel 3.1 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.1:rc2
  • Linux Kernel 3.1 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.1:rc3
  • Linux Kernel 3.1 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.1:rc4
  • Linux Kernel 3.1.1
    cpe:2.3:o:linux:linux_kernel:3.1.1
  • Linux Kernel 3.1.10
    cpe:2.3:o:linux:linux_kernel:3.1.10
  • Linux Kernel 3.1.2
    cpe:2.3:o:linux:linux_kernel:3.1.2
  • Linux Kernel 3.1.3
    cpe:2.3:o:linux:linux_kernel:3.1.3
  • Linux Kernel 3.1.4
    cpe:2.3:o:linux:linux_kernel:3.1.4
  • Linux Kernel 3.1.5
    cpe:2.3:o:linux:linux_kernel:3.1.5
  • Linux Kernel 3.1.6
    cpe:2.3:o:linux:linux_kernel:3.1.6
  • Linux Kernel 3.1.7
    cpe:2.3:o:linux:linux_kernel:3.1.7
  • Linux Kernel 3.9.9
    cpe:2.3:o:linux:linux_kernel:3.9.9
  • Linux Kernel 3.9.8
    cpe:2.3:o:linux:linux_kernel:3.9.8
  • Linux Kernel 3.9.7
    cpe:2.3:o:linux:linux_kernel:3.9.7
  • Linux Kernel 3.9.6
    cpe:2.3:o:linux:linux_kernel:3.9.6
  • Linux Kernel 3.9.5
    cpe:2.3:o:linux:linux_kernel:3.9.5
  • Linux Kernel 3.9.4
    cpe:2.3:o:linux:linux_kernel:3.9.4
  • Linux Kernel 3.9.3
    cpe:2.3:o:linux:linux_kernel:3.9.3
  • Linux Kernel 3.2
    cpe:2.3:o:linux:linux_kernel:3.2
  • Linux Kernel 3.2 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.2:rc2
  • Linux Kernel 3.2 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.2:rc3
  • Linux Kernel 3.2 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.2:rc4
  • Linux Kernel 3.2 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.2:rc5
  • Linux Kernel 3.2 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.2:rc6
  • Linux Kernel 3.2 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.2:rc7
  • Linux Kernel 3.2.1
    cpe:2.3:o:linux:linux_kernel:3.2.1
  • Linux Kernel 3.2.10
    cpe:2.3:o:linux:linux_kernel:3.2.10
  • Linux Kernel 3.2.11
    cpe:2.3:o:linux:linux_kernel:3.2.11
  • Linux Kernel 3.2.12
    cpe:2.3:o:linux:linux_kernel:3.2.12
  • Linux Kernel 3.2.13
    cpe:2.3:o:linux:linux_kernel:3.2.13
  • Linux Kernel 3.2.14
    cpe:2.3:o:linux:linux_kernel:3.2.14
  • Linux Kernel 3.2.15
    cpe:2.3:o:linux:linux_kernel:3.2.15
  • Linux Kernel 3.2.16
    cpe:2.3:o:linux:linux_kernel:3.2.16
  • Linux Kernel 3.2.17
    cpe:2.3:o:linux:linux_kernel:3.2.17
  • Linux Kernel 3.2.18
    cpe:2.3:o:linux:linux_kernel:3.2.18
  • Linux Kernel 3.2.19
    cpe:2.3:o:linux:linux_kernel:3.2.19
  • Linux Kernel 3.2.2
    cpe:2.3:o:linux:linux_kernel:3.2.2
  • Linux Kernel 3.2.20
    cpe:2.3:o:linux:linux_kernel:3.2.20
  • Linux Kernel 3.2.21
    cpe:2.3:o:linux:linux_kernel:3.2.21
  • Linux Kernel 3.2.22
    cpe:2.3:o:linux:linux_kernel:3.2.22
  • Linux Kernel 3.2.23
    cpe:2.3:o:linux:linux_kernel:3.2.23
  • Linux Kernel 3.2.24
    cpe:2.3:o:linux:linux_kernel:3.2.24
  • Linux Kernel 3.2.25
    cpe:2.3:o:linux:linux_kernel:3.2.25
  • Linux Kernel 3.2.26
    cpe:2.3:o:linux:linux_kernel:3.2.26
  • Linux Kernel 3.2.27
    cpe:2.3:o:linux:linux_kernel:3.2.27
  • Linux Kernel 3.2.28
    cpe:2.3:o:linux:linux_kernel:3.2.28
  • Linux Kernel 3.2.29
    cpe:2.3:o:linux:linux_kernel:3.2.29
  • Linux Kernel 3.2.3
    cpe:2.3:o:linux:linux_kernel:3.2.3
  • Linux Kernel 3.2.30
    cpe:2.3:o:linux:linux_kernel:3.2.30
  • Linux Kernel 3.2.4
    cpe:2.3:o:linux:linux_kernel:3.2.4
  • Linux Kernel 3.2.5
    cpe:2.3:o:linux:linux_kernel:3.2.5
  • Linux Kernel 3.2.6
    cpe:2.3:o:linux:linux_kernel:3.2.6
  • Linux Kernel 3.2.7
    cpe:2.3:o:linux:linux_kernel:3.2.7
  • Linux Kernel 3.2.8
    cpe:2.3:o:linux:linux_kernel:3.2.8
  • Linux Kernel 3.2.9
    cpe:2.3:o:linux:linux_kernel:3.2.9
  • Linux Kernel 3.3
    cpe:2.3:o:linux:linux_kernel:3.3
  • Linux Kernel 3.3 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.3:rc1
  • Linux Kernel 3.3 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.3:rc2
  • Linux Kernel 3.3 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.3:rc3
  • Linux Kernel 3.3 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.3:rc4
  • Linux Kernel 3.3 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.3:rc5
  • Linux Kernel 3.3 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.3:rc6
  • Linux Kernel 3.3 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.3:rc7
  • Linux Kernel 3.3.1
    cpe:2.3:o:linux:linux_kernel:3.3.1
  • Linux Kernel 3.3.2
    cpe:2.3:o:linux:linux_kernel:3.3.2
  • Linux Kernel 3.3.3
    cpe:2.3:o:linux:linux_kernel:3.3.3
  • Linux Kernel 3.3.4
    cpe:2.3:o:linux:linux_kernel:3.3.4
  • Linux Kernel 3.3.5
    cpe:2.3:o:linux:linux_kernel:3.3.5
  • Linux Kernel 3.3.6
    cpe:2.3:o:linux:linux_kernel:3.3.6
  • Linux Kernel 3.3.7
    cpe:2.3:o:linux:linux_kernel:3.3.7
  • Linux Kernel 3.3.8
    cpe:2.3:o:linux:linux_kernel:3.3.8
  • Linux Kernel 3.4
    cpe:2.3:o:linux:linux_kernel:3.4
  • Linux Kernel 3.4 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.4:rc1
  • Linux Kernel 3.4 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.4:rc2
  • Linux Kernel 3.4 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.4:rc3
  • Linux Kernel 3.4 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.4:rc4
  • Linux Kernel 3.4 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.4:rc5
  • Linux Kernel 3.4 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.4:rc6
  • Linux Kernel 3.4 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.4:rc7
  • Linux Kernel 3.4.1
    cpe:2.3:o:linux:linux_kernel:3.4.1
  • Linux Kernel 3.4.10
    cpe:2.3:o:linux:linux_kernel:3.4.10
  • Linux Kernel 3.4.11
    cpe:2.3:o:linux:linux_kernel:3.4.11
  • Linux Kernel 3.4.12
    cpe:2.3:o:linux:linux_kernel:3.4.12
  • Linux Kernel 3.4.13
    cpe:2.3:o:linux:linux_kernel:3.4.13
  • Linux Kernel 3.4.14
    cpe:2.3:o:linux:linux_kernel:3.4.14
  • Linux Kernel 3.4.15
    cpe:2.3:o:linux:linux_kernel:3.4.15
  • Linux Kernel 3.4.16
    cpe:2.3:o:linux:linux_kernel:3.4.16
  • Linux Kernel 3.4.17
    cpe:2.3:o:linux:linux_kernel:3.4.17
  • Linux Kernel 3.4.18
    cpe:2.3:o:linux:linux_kernel:3.4.18
  • Linux Kernel 3.4.19
    cpe:2.3:o:linux:linux_kernel:3.4.19
  • Linux Kernel 3.4.2
    cpe:2.3:o:linux:linux_kernel:3.4.2
  • Linux Kernel 3.4.20
    cpe:2.3:o:linux:linux_kernel:3.4.20
  • Linux Kernel 3.4.21
    cpe:2.3:o:linux:linux_kernel:3.4.21
  • Linux Kernel 3.4.22
    cpe:2.3:o:linux:linux_kernel:3.4.22
  • Linux Kernel 3.4.23
    cpe:2.3:o:linux:linux_kernel:3.4.23
  • Linux Kernel 3.4.24
    cpe:2.3:o:linux:linux_kernel:3.4.24
  • Linux Kernel 3.4.25
    cpe:2.3:o:linux:linux_kernel:3.4.25
  • Linux Kernel 3.4.26
    cpe:2.3:o:linux:linux_kernel:3.4.26
  • Linux Kernel 3.4.27
    cpe:2.3:o:linux:linux_kernel:3.4.27
  • Linux Kernel 3.4.28
    cpe:2.3:o:linux:linux_kernel:3.4.28
  • Linux Kernel 3.4.29
    cpe:2.3:o:linux:linux_kernel:3.4.29
  • Linux Kernel 3.4.3
    cpe:2.3:o:linux:linux_kernel:3.4.3
  • Linux Kernel 3.4.30
    cpe:2.3:o:linux:linux_kernel:3.4.30
  • Linux Kernel 3.4.31
    cpe:2.3:o:linux:linux_kernel:3.4.31
  • Linux Kernel 3.4.32
    cpe:2.3:o:linux:linux_kernel:3.4.32
  • Linux Kernel 3.4.4
    cpe:2.3:o:linux:linux_kernel:3.4.4
  • Linux Kernel 3.4.5
    cpe:2.3:o:linux:linux_kernel:3.4.5
  • Linux Kernel 3.4.6
    cpe:2.3:o:linux:linux_kernel:3.4.6
  • Linux Kernel 3.4.7
    cpe:2.3:o:linux:linux_kernel:3.4.7
  • Linux Kernel 3.4.8
    cpe:2.3:o:linux:linux_kernel:3.4.8
  • Linux Kernel 3.4.9
    cpe:2.3:o:linux:linux_kernel:3.4.9
  • Linux Kernel 3.5.1
    cpe:2.3:o:linux:linux_kernel:3.5.1
  • Linux Kernel 3.5.2
    cpe:2.3:o:linux:linux_kernel:3.5.2
  • Linux Kernel 3.5.3
    cpe:2.3:o:linux:linux_kernel:3.5.3
  • Linux Kernel 3.5.4
    cpe:2.3:o:linux:linux_kernel:3.5.4
  • Linux Kernel 3.5.5
    cpe:2.3:o:linux:linux_kernel:3.5.5
  • Linux Kernel 3.5.6
    cpe:2.3:o:linux:linux_kernel:3.5.6
  • Linux Kernel 3.5.7
    cpe:2.3:o:linux:linux_kernel:3.5.7
  • Linux Kernel 3.6
    cpe:2.3:o:linux:linux_kernel:3.6
  • Linux Kernel 3.6.1
    cpe:2.3:o:linux:linux_kernel:3.6.1
  • Linux Kernel 3.6.10
    cpe:2.3:o:linux:linux_kernel:3.6.10
  • Linux Kernel 3.6.11
    cpe:2.3:o:linux:linux_kernel:3.6.11
  • Linux Kernel 3.6.2
    cpe:2.3:o:linux:linux_kernel:3.6.2
  • Linux Kernel 3.6.3
    cpe:2.3:o:linux:linux_kernel:3.6.3
  • Linux Kernel 3.6.4
    cpe:2.3:o:linux:linux_kernel:3.6.4
  • Linux Kernel 3.6.5
    cpe:2.3:o:linux:linux_kernel:3.6.5
  • Linux Kernel 3.6.6
    cpe:2.3:o:linux:linux_kernel:3.6.6
  • Linux Kernel 3.6.7
    cpe:2.3:o:linux:linux_kernel:3.6.7
  • Linux Kernel 3.6.8
    cpe:2.3:o:linux:linux_kernel:3.6.8
  • Linux Kernel 3.6.9
    cpe:2.3:o:linux:linux_kernel:3.6.9
  • Linux Kernel 3.7
    cpe:2.3:o:linux:linux_kernel:3.7
  • Linux Kernel 3.7.1
    cpe:2.3:o:linux:linux_kernel:3.7.1
  • Linux Kernel 3.7.10
    cpe:2.3:o:linux:linux_kernel:3.7.10
  • Linux Kernel 3.7.2
    cpe:2.3:o:linux:linux_kernel:3.7.2
  • Linux Kernel 3.7.3
    cpe:2.3:o:linux:linux_kernel:3.7.3
  • Linux Kernel 3.7.4
    cpe:2.3:o:linux:linux_kernel:3.7.4
  • Linux Kernel 3.7.5
    cpe:2.3:o:linux:linux_kernel:3.7.5
  • Linux Kernel 3.7.6
    cpe:2.3:o:linux:linux_kernel:3.7.6
  • Linux Kernel 3.7.7
    cpe:2.3:o:linux:linux_kernel:3.7.7
  • Linux Kernel 3.7.8
    cpe:2.3:o:linux:linux_kernel:3.7.8
  • Linux Kernel 3.7.9
    cpe:2.3:o:linux:linux_kernel:3.7.9
  • Linux Kernel 3.8.0
    cpe:2.3:o:linux:linux_kernel:3.8.0
  • Linux Kernel 3.8.1
    cpe:2.3:o:linux:linux_kernel:3.8.1
  • Linux Kernel 3.8.10
    cpe:2.3:o:linux:linux_kernel:3.8.10
  • Linux Kernel 3.8.11
    cpe:2.3:o:linux:linux_kernel:3.8.11
  • Linux Kernel 3.8.12
    cpe:2.3:o:linux:linux_kernel:3.8.12
  • Linux Kernel 3.8.13
    cpe:2.3:o:linux:linux_kernel:3.8.13
  • Linux Kernel 3.8.2
    cpe:2.3:o:linux:linux_kernel:3.8.2
  • Linux Kernel 3.8.3
    cpe:2.3:o:linux:linux_kernel:3.8.3
  • Linux Kernel 3.8.4
    cpe:2.3:o:linux:linux_kernel:3.8.4
  • Linux Kernel 3.8.5
    cpe:2.3:o:linux:linux_kernel:3.8.5
  • Linux Kernel 3.8.6
    cpe:2.3:o:linux:linux_kernel:3.8.6
  • Linux Kernel 3.8.7
    cpe:2.3:o:linux:linux_kernel:3.8.7
  • Linux Kernel 3.8.8
    cpe:2.3:o:linux:linux_kernel:3.8.8
  • Linux Kernel 3.8.9
    cpe:2.3:o:linux:linux_kernel:3.8.9
  • Linux Kernel 3.9 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.9:rc1
  • Linux Kernel 3.9 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.9:rc2
  • Linux Kernel 3.9 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.9:rc3
  • Linux Kernel 3.9 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.9:rc4
  • Linux Kernel 3.9 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.9:rc5
  • Linux Kernel 3.9 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.9:rc6
  • Linux Kernel 3.9 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.9:rc7
  • Linux Kernel 3.9.0
    cpe:2.3:o:linux:linux_kernel:3.9.0
  • Linux Kernel 3.9.1
    cpe:2.3:o:linux:linux_kernel:3.9.1
  • Linux Kernel 3.9.10
    cpe:2.3:o:linux:linux_kernel:3.9.10
  • Linux Kernel 3.9.11
    cpe:2.3:o:linux:linux_kernel:3.9.11
  • Linux Kernel 3.9.2
    cpe:2.3:o:linux:linux_kernel:3.9.2
  • Linux Kernel 3.1.9
    cpe:2.3:o:linux:linux_kernel:3.1.9
  • Linux Kernel 3.1.8
    cpe:2.3:o:linux:linux_kernel:3.1.8
CVSS
Base: 4.4 (as of 27-11-2013 - 11:04)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
LOCAL MEDIUM SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-0771.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important) * A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) * It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low) Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system. * It was discovered that the proc_ns_follow_link() function did not properly return the LAST_BIND value in the last pathname component as is expected for procfs symbolic links, which could lead to excessive freeing of memory and consequent slab corruption. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-0203, Moderate) * A flaw was found in the way the Linux kernel handled exceptions when user-space applications attempted to use the linkage stack. On IBM S/390 systems, a local, unprivileged user could use this flaw to crash the system. (CVE-2014-2039, Moderate) * An invalid pointer dereference flaw was found in the Marvell 8xxx Libertas WLAN (libertas) driver in the Linux kernel. A local user able to write to a file that is provided by the libertas driver and located on the debug file system (debugfs) could use this flaw to crash the system. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2013-6378, Low) * A denial of service flaw was discovered in the way the Linux kernel's SELinux implementation handled files with an empty SELinux security context. A local user who has the CAP_MAC_ADMIN capability could use this flaw to crash the system. (CVE-2014-1874, Low) Red Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738, and Vladimir Davydov of Parallels for reporting CVE-2014-0203. Google acknowledges Pinkie Pie as the original reporter of CVE-2014-3153. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76170
    published 2014-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76170
    title CentOS 6 : kernel (CESA-2014:0771)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-22531.NASL
    description Update to last upstream 3.11 stable release, 3.11.10. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 71222
    published 2013-12-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71222
    title Fedora 20 : kernel-3.11.10-300.fc20 (2013-22531)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-0287-1.NASL
    description This is a SUSE Linux Enterprise Server 11 SP1 LTSS roll up update to fix a lot of security issues and non-security bugs. The following security bugs have been fixed : CVE-2011-3593: A certain Red Hat patch to the vlan_hwaccel_do_receive function in net/8021q/vlan_core.c in the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows remote attackers to cause a denial of service (system crash) via priority-tagged VLAN frames. (bnc#735347) CVE-2012-1601: The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists. (bnc#754898) CVE-2012-2137: Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function. (bnc#767612) CVE-2012-2372: The rds_ib_xmit function in net/rds/ib_send.c in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel 3.7.4 and earlier allows local users to cause a denial of service (BUG_ON and kernel panic) by establishing an RDS connection with the source IP address equal to the IPoIB interfaces own IP address, as demonstrated by rds-ping. (bnc#767610) CVE-2012-2745: The copy_creds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users to cause a denial of service (panic) via a crafted application that uses the fork system call. (bnc#770695) CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083. (bnc#769896) CVE-2012-3412: The sfc (aka Solarflare Solarstorm) driver in the Linux kernel before 3.2.30 allows remote attackers to cause a denial of service (DMA descriptor consumption and network-controller outage) via crafted TCP packets that trigger a small MSS value. (bnc#774523) CVE-2012-3430: The rds_recvmsg function in net/rds/recv.c in the Linux kernel before 3.0.44 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel stack memory via a (1) recvfrom or (2) recvmsg system call on an RDS socket. (bnc#773383) CVE-2012-3511: Multiple race conditions in the madvise_remove function in mm/madvise.c in the Linux kernel before 3.4.5 allow local users to cause a denial of service (use-after-free and system crash) via vectors involving a (1) munmap or (2) close system call. (bnc#776885) CVE-2012-4444: The ip6_frag_queue function in net/ipv6/reassembly.c in the Linux kernel before 2.6.36 allows remote attackers to bypass intended network restrictions via overlapping IPv6 fragments. (bnc#789831) CVE-2012-4530: The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#786013) CVE-2012-4565: The tcp_illinois_info function in net/ipv4/tcp_illinois.c in the Linux kernel before 3.4.19, when the net.ipv4.tcp_congestion_control illinois setting is enabled, allows local users to cause a denial of service (divide-by-zero error and OOPS) by reading TCP stats. (bnc#787576) CVE-2012-6537: net/xfrm/xfrm_user.c in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6538: The copy_to_user_auth function in net/xfrm/xfrm_user.c in the Linux kernel before 3.6 uses an incorrect C library function for copying a string, which allows local users to obtain sensitive information from kernel heap memory by leveraging the CAP_NET_ADMIN capability. (bnc#809889) CVE-2012-6539: The dev_ifconf function in net/socket.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809891) CVE-2012-6540: The do_ip_vs_get_ctl function in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 3.6 does not initialize a certain structure for IP_VS_SO_GET_TIMEOUT commands, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809892) CVE-2012-6541: The ccid3_hc_tx_getsockopt function in net/dccp/ccids/ccid3.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809893) CVE-2012-6542: The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel before 3.6 has an incorrect return value in certain circumstances, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that leverages an uninitialized pointer argument. (bnc#809894) CVE-2012-6544: The Bluetooth protocol stack in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application that targets the (1) L2CAP or (2) HCI implementation. (bnc#809898) CVE-2012-6545: The Bluetooth RFCOMM implementation in the Linux kernel before 3.6 does not properly initialize certain structures, which allows local users to obtain sensitive information from kernel memory via a crafted application. (bnc#809899) CVE-2012-6546: The ATM implementation in the Linux kernel before 3.6 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809900) CVE-2012-6547: The __tun_chr_ioctl function in drivers/net/tun.c in the Linux kernel before 3.6 does not initialize a certain structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#809901) CVE-2012-6548: The udf_encode_fh function in fs/udf/namei.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809902) CVE-2012-6549: The isofs_export_encode_fh function in fs/isofs/export.c in the Linux kernel before 3.6 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory via a crafted application. (bnc#809903) CVE-2013-0160: The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device. (bnc#797175) CVE-2013-0216: The Xen netback functionality in the Linux kernel before 3.7.8 allows guest OS users to cause a denial of service (loop) by triggering ring pointer corruption. (bnc#800280)(XSA-39) CVE-2013-0231: The pciback_enable_msi function in the PCI backend driver (drivers/xen/pciback/conf_space_capability_msi.c) in Xen for the Linux kernel 2.6.18 and 3.8 allows guest OS users with PCI device access to cause a denial of service via a large number of kernel log messages. NOTE: some of these details are obtained from third-party information. (bnc#801178)(XSA-43) CVE-2013-0268: The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c. (bnc#802642) CVE-2013-0310: The cipso_v4_validate function in net/ipv4/cipso_ipv4.c in the Linux kernel before 3.4.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via an IPOPT_CIPSO IP_OPTIONS setsockopt system call. (bnc#804653) CVE-2013-0343: The ipv6_create_tempaddr function in net/ipv6/addrconf.c in the Linux kernel through 3.8 does not properly handle problems with the generation of IPv6 temporary addresses, which allows remote attackers to cause a denial of service (excessive retries and address-generation outage), and consequently obtain sensitive information, via ICMPv6 Router Advertisement (RA) messages. (bnc#805226) CVE-2013-0349: The hidp_setup_hid function in net/bluetooth/hidp/core.c in the Linux kernel before 3.7.6 does not properly copy a certain name field, which allows local users to obtain sensitive information from kernel memory by setting a long name and making an HIDPCONNADD ioctl call. (bnc#805227) CVE-2013-0871: Race condition in the ptrace functionality in the Linux kernel before 3.7.5 allows local users to gain privileges via a PTRACE_SETREGS ptrace system call in a crafted application, as demonstrated by ptrace_death. (bnc#804154) CVE-2013-0914: The flush_signal_handlers function in kernel/signal.c in the Linux kernel before 3.8.4 preserves the value of the sa_restorer field across an exec operation, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application containing a sigaction system call. (bnc#808827) CVE-2013-1767: Use-after-free vulnerability in the shmem_remount_fs function in mm/shmem.c in the Linux kernel before 3.7.10 allows local users to gain privileges or cause a denial of service (system crash) by remounting a tmpfs filesystem without specifying a required mpol (aka mempolicy) mount option. (bnc#806138) CVE-2013-1773: Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion. (bnc#806977) CVE-2013-1774: The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /dev/ttyUSB read or write operation on a disconnected Edgeport USB serial converter. (bnc#806976) CVE-2013-1792: Race condition in the install_user_keyrings function in security/keys/process_keys.c in the Linux kernel before 3.8.3 allows local users to cause a denial of service (NULL pointer dereference and system crash) via crafted keyctl system calls that trigger keyring operations in simultaneous threads. (bnc#808358) CVE-2013-1796: The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application. (bnc#806980) CVE-2013-1797: Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation. (bnc#806980) CVE-2013-1798: The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application. (bnc#806980) CVE-2013-1827: net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAP_NET_ADMIN capability for a certain (1) sender or (2) receiver getsockopt call. (bnc#811354) CVE-2013-1928: The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device. (bnc#813735) CVE-2013-1943: The KVM subsystem in the Linux kernel before 3.0 does not check whether kernel addresses are specified during allocation of memory slots for use in a guests physical address space, which allows local users to gain privileges or obtain sensitive information from kernel memory via a crafted application, related to arch/x86/kvm/paging_tmpl.h and virt/kvm/kvm_main.c. (bnc#828012) CVE-2013-2015: The ext4_orphan_del function in fs/ext4/namei.c in the Linux kernel before 3.7.3 does not properly handle orphan-list entries for non-journal filesystems, which allows physically proximate attackers to cause a denial of service (system hang) via a crafted filesystem on removable media, as demonstrated by the e2fsprogs tests/f_orphan_extents_inode/image.gz test. (bnc#817377) CVE-2013-2141: The do_tkill function in kernel/signal.c in the Linux kernel before 3.8.9 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via a crafted application that makes a (1) tkill or (2) tgkill system call. (bnc#823267) CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel through 3.9.4 do not initialize certain data structures, which allows local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c. (bnc#823260) CVE-2013-2164: The mmc_ioctl_cdrom_read_data function in drivers/cdrom/cdrom.c in the Linux kernel through 3.10 allows local users to obtain sensitive information from kernel memory via a read operation on a malfunctioning CD-ROM drive. (bnc#824295) CVE-2013-2232: The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to an IPv4 interface. (bnc#827750) CVE-2013-2234: The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify interface of an IPSec key_socket. (bnc#827749) CVE-2013-2237: The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel heap memory by reading a broadcast message from the notify_policy interface of an IPSec key_socket. (bnc#828119) CVE-2013-2634: net/dcb/dcbnl.c in the Linux kernel before 3.8.4 does not initialize certain structures, which allows local users to obtain sensitive information from kernel stack memory via a crafted application. (bnc#810473) CVE-2013-2851: Format string vulnerability in the register_disk function in block/genhd.c in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and writing format string specifiers to /sys/module/md_mod/parameters/new_array in order to create a crafted /dev/md device name. (bnc#822575) CVE-2013-2852: Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message. (bnc#822579) CVE-2013-2888: Multiple array index errors in drivers/hid/hid-core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11 allow physically proximate attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a crafted device that provides an invalid Report ID. (bnc#835839) CVE-2013-2889: drivers/hid/hid-zpff.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_ZEROPLUS is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839) CVE-2013-2892: drivers/hid/hid-pl.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PANTHERLORD is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device. (bnc#835839) CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allows physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c. (bnc#835839) CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device. (bnc#835839) CVE-2013-2929: The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h. (bnc#847652) CVE-2013-3222: The vcc_recvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3223: The ax25_recvmsg function in net/ax25/af_ax25.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3224: The bt_sock_recvmsg function in net/bluetooth/af_bluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3225: The rfcomm_sock_recvmsg function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3228: The irda_recvmsg_dgram function in net/irda/af_irda.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3229: The iucv_sock_recvmsg function in net/iucv/af_iucv.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3231: The llc_ui_recvmsg function in net/llc/af_llc.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3232: The nr_recvmsg function in net/netrom/af_netrom.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3234: The rose_recvmsg function in net/rose/af_rose.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-3235: net/tipc/socket.c in the Linux kernel before 3.9-rc7 does not initialize a certain data structure and a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call. (bnc#816668) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) CVE-2013-4470: The Linux kernel before 3.12, when UDP Fragmentation Offload (UFO) is enabled, does not properly initialize certain data structures, which allows local users to cause a denial of service (memory corruption and system crash) or possibly gain privileges via a crafted application that uses the UDP_CORK option in a setsockopt system call and sends both short and long packets, related to the ip_ufo_append_data function in net/ipv4/ip_output.c and the ip6_ufo_append_data function in net/ipv6/ip6_output.c. (bnc#847672) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-4588: Multiple stack-based buffer overflows in net/netfilter/ipvs/ip_vs_ctl.c in the Linux kernel before 2.6.33, when CONFIG_IP_VS is used, allow local users to gain privileges by leveraging the CAP_NET_ADMIN capability for (1) a getsockopt system call, related to the do_ip_vs_get_ctl function, or (2) a setsockopt system call, related to the do_ip_vs_set_ctl function. (bnc#851095) CVE-2013-4591: Buffer overflow in the __nfs4_get_acl_uncached function in fs/nfs/nfs4proc.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (memory corruption and system crash) or possibly have unspecified other impact via a getxattr system call for the system.nfs4_acl extended attribute of a pathname on an NFSv4 filesystem. (bnc#851103) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2014-1444: The fst_get_iface function in drivers/net/wan/farsync.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCWANDEV ioctl call. (bnc#858869) CVE-2014-1445: The wanxl_ioctl function in drivers/net/wan/wanxl.c in the Linux kernel before 3.11.7 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an ioctl call. (bnc#858870) CVE-2014-1446: The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux kernel before 3.12.8 does not initialize a certain structure member, which allows local users to obtain sensitive information from kernel memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG ioctl call. (bnc#858872) Also the following non-security bugs have been fixed : - x86: Clear HPET configuration registers on startup (bnc#748896). - sched: fix divide by zero in task_utime() (bnc#761774). - sched: Fix pick_next_highest_task_rt() for cgroups (bnc#760596). - mm: hugetlbfs: Close race during teardown of hugetlbfs shared page tables. - mm: hugetlbfs: Correctly detect if page tables have just been shared. (Fix bad PMD message displayed while using hugetlbfs (bnc#762366)). - cpumask: Partition_sched_domains takes array of cpumask_var_t (bnc#812364). - cpumask: Simplify sched_rt.c (bnc#812364). - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). - memcg: fix init_section_page_cgroup pfn alignment (bnc#835481). - tty: fix up atime/mtime mess, take three (bnc#797175). - tty: fix atime/mtime regression (bnc#815745). - ptrace: ptrace_resume() should not wake up !TASK_TRACED thread (bnc#804154). - kbuild: Fix gcc -x syntax (bnc#773831). - ftrace: Disable function tracing during suspend/resume and hibernation, again (bnc#768668). proc: fix pagemap_read() error case (bnc#787573). net: Upgrade device features irrespective of mask (bnc#715250). - tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). - netfilter: use RCU safe kfree for conntrack extensions (bnc#827416). - netfilter: prevent race condition breaking net reference counting (bnc#835094). - netfilter: send ICMPv6 message on fragment reassembly timeout (bnc#773577). - netfilter: fix sending ICMPv6 on netfilter reassembly timeout (bnc#773577). - tcp_cubic: limit delayed_ack ratio to prevent divide error (bnc#810045). bonding: in balance-rr mode, set curr_active_slave only if it is up (bnc#789648). scsi: Add 'eh_deadline' to limit SCSI EH runtime (bnc#798050). - scsi: Allow error handling timeout to be specified (bnc#798050). - scsi: Fixup compilation warning (bnc#798050). - scsi: Retry failfast commands after EH (bnc#798050). - scsi: Warn on invalid command completion (bnc#798050). - scsi: Always retry internal target error (bnc#745640, bnc#825227). - scsi: kABI fixes (bnc#798050). - scsi: remove check for 'resetting' (bnc#798050). - scsi: Eliminate error handler overload of the SCSI serial number (bnc#798050). - scsi: Reduce error recovery time by reducing use of TURs (bnc#798050). - scsi: Reduce sequential pointer derefs in scsi_error.c and reduce size as well (bnc#798050). - scsi: cleanup setting task state in scsi_error_handler() (bnc#798050). - scsi: fix eh wakeup (scsi_schedule_eh vs scsi_restart_operations) (bnc#798050). scsi: fix id computation in scsi_eh_target_reset() (bnc#798050). advansys: Remove 'last_reset' references (bnc#798050). - dc395: Move 'last_reset' into internal host structure (bnc#798050). - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050). - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050). - fc class: fix scanning when devs are offline (bnc#798050). tmscsim: Move 'last_reset' into host structure (bnc#798050). st: Store page order before driver buffer allocation (bnc#769644). - st: Increase success probability in driver buffer allocation (bnc#769644). st: work around broken __bio_add_page logic (bnc#769644). avoid race by ignoring flush_time in cache_check (bnc#814363). writeback: remove the internal 5% low bound on dirty_ratio - writeback: skip balance_dirty_pages() for in-memory fs (Do not dirty throttle ram-based filesystems (bnc#840858)). writeback: Do not sync data dirtied after sync start (bnc#833820). blkdev_max_block: make private to fs/buffer.c (bnc#820338). - vfs: avoid 'attempt to access beyond end of device' warnings (bnc#820338). vfs: fix O_DIRECT read past end of block device (bnc#820338). lib/radix-tree.c: make radix_tree_node_alloc() work correctly within interrupt (bnc#763463). xfs: allow writeback from kswapd (bnc#826707). - xfs: skip writeback from reclaim context (bnc#826707). - xfs: Serialize file-extending direct IO (bnc#818371). - xfs: Avoid pathological backwards allocation (bnc#805945). xfs: fix inode lookup race (bnc#763463). cifs: clarify the meaning of tcpStatus == CifsGood (bnc#776024). cifs: do not allow cifs_reconnect to exit with NULL socket pointer (bnc#776024). ocfs2: Add a missing journal credit in ocfs2_link_credits() -v2 (bnc#773320). usb: Fix deadlock in hid_reset when Dell iDRAC is reset (bnc#814716). usb: xhci: Fix command completion after a drop endpoint (bnc#807320). netiucv: Hold rtnl between name allocation and device registration (bnc#824159). rwsem: Test for no active locks in __rwsem_do_wake undo code (bnc#813276). nfs: NFSv3/v2: Fix data corruption with NFS short reads (bnc#818337). - nfs: Allow sec=none mounts in certain cases (bnc#795354). - nfs: Make nfsiod a multi-thread queue (bnc#815352). - nfs: increase number of permitted callback connections (bnc#771706). - nfs: Fix Oops in nfs_lookup_revalidate (bnc#780008). - nfs: do not allow TASK_KILLABLE sleeps to block the freezer (bnc#775182). nfs: Avoid race in d_splice_alias and vfs_rmdir (bnc#845028). svcrpc: take lock on turning entry NEGATIVE in cache_check (bnc#803320). - svcrpc: ensure cache_check caller sees updated entry (bnc#803320). - sunrpc/cache: remove races with queuing an upcall (bnc#803320). - sunrpc/cache: use cache_fresh_unlocked consistently and correctly (bnc#803320). - sunrpc/cache: ensure items removed from cache do not have pending upcalls (bnc#803320). - sunrpc/cache: do not schedule update on cache item that has been replaced (bnc#803320). sunrpc/cache: fix test in try_to_negate (bnc#803320). xenbus: fix overflow check in xenbus_dev_write(). - x86: do not corrupt %eip when returning from a signal handler. - scsiback/usbback: move cond_resched() invocations to proper place. netback: fix netbk_count_requests(). dm: add dm_deleting_md function (bnc#785016). - dm: bind new table before destroying old (bnc#785016). - dm: keep old table until after resume succeeded (bnc#785016). dm: rename dm_get_table to dm_get_live_table (bnc#785016). drm/edid: Fix up partially corrupted headers (bnc#780004). drm/edid: Retry EDID fetch up to four times (bnc#780004). i2c-algo-bit: Fix spurious SCL timeouts under heavy load (bnc#780004). hpilo: remove pci_disable_device (bnc#752544). mptsas: handle 'Initializing Command Required' ASCQ (bnc#782178). mpt2sas: Fix race on shutdown (bnc#856917). ipmi: decrease the IPMI message transaction time in interrupt mode (bnc#763654). - ipmi: simplify locking (bnc#763654). ipmi: use a tasklet for handling received messages (bnc#763654). bnx2x: bug fix when loading after SAN boot (bnc#714906). bnx2x: previous driver unload revised (bnc#714906). ixgbe: Address fact that RSC was not setting GSO size for incoming frames (bnc#776144). ixgbe: pull PSRTYPE configuration into a separate function (bnc#780572 bnc#773640 bnc#776144). e1000e: clear REQ and GNT in EECD (82571 && 82572) (bnc#762099). hpsa: do not attempt to read from a write-only register (bnc#777473). aio: Fixup kABI for the aio-implement-request-batching patch (bnc#772849). - aio: bump i_count instead of using igrab (bnc#772849). aio: implement request batching (bnc#772849). Driver core: Do not remove kobjects in device_shutdown (bnc#771992). resources: fix call to alignf() in allocate_resource() (bnc#744955). - resources: when allocate_resource() fails, leave resource untouched (bnc#744955). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 83611
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83611
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2014:0287-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-3043.NASL
    description Description of changes: kernel-uek [2.6.32-400.36.3.el6uek] - fix autofs/afs/etc. magic mountpoint breakage (Al Viro) [Orabug: 19028505] {CVE-2014-0203} - SELinux: Fix kernel BUG on empty security contexts. (Stephen Smalley) [Orabug: 19028381] {CVE-2014-1874} - floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028446] {CVE-2014-1738} - floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028439] {CVE-2014-1737} - libertas: potential oops in debugfs (Dan Carpenter) [Orabug: 19028417] {CVE-2013-6378}
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 76186
    published 2014-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76186
    title Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3043)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-3042.NASL
    description Description of changes: [2.6.39-400.215.3.el6uek] - SELinux: Fix kernel BUG on empty security contexts. (Stephen Smalley) [Orabug: 19028380] {CVE-2014-1874} - floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028444] {CVE-2014-1738} - floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028438] {CVE-2014-1737} - libertas: potential oops in debugfs (Dan Carpenter) [Orabug: 19028416] {CVE-2013-6378}
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 76185
    published 2014-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76185
    title Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2014-3042)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0100.NASL
    description Updated kernel-rt packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise MRG 2.4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel-rt packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's TCP/IP protocol suite implementation handled sending of certain UDP packets over sockets that used the UDP_CORK option when the UDP Fragmentation Offload (UFO) feature was enabled on the output device. A local, unprivileged user could use this flaw to cause a denial of service or, potentially, escalate their privileges on the system. (CVE-2013-4470, Important) * A flaw was found in the way the perf_trace_event_perm() function in the Linux kernel checked permissions for the function tracer functionality. An unprivileged local user could use this flaw to enable function tracing and cause a denial of service on the system. (CVE-2013-2930, Moderate) * A flaw was found in the way the net_ctl_permissions() function in the Linux kernel checked access permissions. A local, unprivileged user could potentially use this flaw to access certain files in /proc/sys/net regardless of the underlying file system permissions. (CVE-2013-4270, Moderate) * A flaw was found in the way the Linux kernel's Adaptec RAID controller (aacraid) checked permissions of compat IOCTLs. A local attacker could use this flaw to bypass intended security restrictions. (CVE-2013-6383, Moderate) * A flaw was found in the way the get_dumpable() function return value was interpreted in the ptrace subsystem of the Linux kernel. When 'fs.suid_dumpable' was set to 2, a local, unprivileged local user could use this flaw to bypass intended ptrace restrictions and obtain potentially sensitive information. (CVE-2013-2929, Low) * An invalid pointer dereference flaw was found in the Marvell 8xxx Libertas WLAN (libertas) driver in the Linux kernel. A local user able to write to a file that is provided by the libertas driver and located on the debug file system (debugfs) could use this flaw to crash the system. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2013-6378, Low) * A NULL pointer dereference flaw was found in the Linux kernel's IPv6 source address-based routing implementation. A local attacker who has the CAP_NET_ADMIN capability could use this flaw to crash the system. (CVE-2013-6431, Low) Red Hat would like to thank Hannes Frederic Sowa for reporting CVE-2013-4470. The CVE-2013-4270 issue was discovered by Miroslav Vadkerti of Red Hat. This update also fixes multiple bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which upgrade the kernel-rt kernel to version kernel-rt-3.8.13-rt27, correct these issues, and fix the bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76672
    published 2014-07-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76672
    title RHEL 6 : MRG (RHSA-2014:0100)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20140619_KERNEL_ON_SL6_X.NASL
    description * A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important) * A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) * It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low) Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system. * It was discovered that the proc_ns_follow_link() function did not properly return the LAST_BIND value in the last pathname component as is expected for procfs symbolic links, which could lead to excessive freeing of memory and consequent slab corruption. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-0203, Moderate) * A flaw was found in the way the Linux kernel handled exceptions when user-space applications attempted to use the linkage stack. On IBM S/390 systems, a local, unprivileged user could use this flaw to crash the system. (CVE-2014-2039, Moderate) * An invalid pointer dereference flaw was found in the Marvell 8xxx Libertas WLAN (libertas) driver in the Linux kernel. A local user able to write to a file that is provided by the libertas driver and located on the debug file system (debugfs) could use this flaw to crash the system. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2013-6378, Low) * A denial of service flaw was discovered in the way the Linux kernel's SELinux implementation handled files with an empty SELinux security context. A local user who has the CAP_MAC_ADMIN capability could use this flaw to crash the system. (CVE-2014-1874, Low) The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 76157
    published 2014-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76157
    title Scientific Linux Security Update : kernel on SL6.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-22669.NASL
    description The 3.11.10 stable update contains a number of important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 71249
    published 2013-12-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71249
    title Fedora 19 : kernel-3.11.10-200.fc19 (2013-22669)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-291.NASL
    description Multiple vulnerabilities has been found and corrected in the Linux kernel : The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h (CVE-2013-2929). The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application (CVE-2013-2930). Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c (CVE-2013-4511). Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation (CVE-2013-4512). Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions (CVE-2013-4514). The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call (CVE-2013-4515). Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots (CVE-2013-4592). The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation (CVE-2013-6378). The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command (CVE-2013-6380). Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size (CVE-2013-6381). The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call (CVE-2013-6383). The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511 (CVE-2013-6763). The updated packages provides a solution for these security issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 71511
    published 2013-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71511
    title Mandriva Linux Security Advisory : kernel (MDVSA-2013:291)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-0771.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important) * A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) * It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low) Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system. * It was discovered that the proc_ns_follow_link() function did not properly return the LAST_BIND value in the last pathname component as is expected for procfs symbolic links, which could lead to excessive freeing of memory and consequent slab corruption. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-0203, Moderate) * A flaw was found in the way the Linux kernel handled exceptions when user-space applications attempted to use the linkage stack. On IBM S/390 systems, a local, unprivileged user could use this flaw to crash the system. (CVE-2014-2039, Moderate) * An invalid pointer dereference flaw was found in the Marvell 8xxx Libertas WLAN (libertas) driver in the Linux kernel. A local user able to write to a file that is provided by the libertas driver and located on the debug file system (debugfs) could use this flaw to crash the system. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2013-6378, Low) * A denial of service flaw was discovered in the way the Linux kernel's SELinux implementation handled files with an empty SELinux security context. A local user who has the CAP_MAC_ADMIN capability could use this flaw to crash the system. (CVE-2014-1874, Low) Red Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738, and Vladimir Davydov of Parallels for reporting CVE-2014-0203. Google acknowledges Pinkie Pie as the original reporter of CVE-2014-3153. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76156
    published 2014-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76156
    title RHEL 6 : kernel (RHSA-2014:0771)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-0140-1.NASL
    description The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029) CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034) CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373) CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) Also the following non-security bugs have been fixed : - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). - printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675). - blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). - futex: fix handling of read-only-mapped hugepages (VM Functionality). - random: fix accounting race condition with lockless irq entropy_count update (bnc#789359). - Provide realtime priority kthread and workqueue boot options (bnc#836718). - sched: Fix several races in CFS_BANDWIDTH (bnc#848336). - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336). - sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336). - sched: Fix race on toggling cfs_bandwidth_used (bnc#848336). - sched: Fix buglet in return_cfs_rq_runtime(). - sched: Guarantee new group-entities always have weight (bnc#848336). - sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336). watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767). tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). - macvlan: disable LRO on lower device instead of macvlan (bnc#846984). - macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984). - macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984). - xen: netback: bump tx queue length (bnc#849404). - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue (bnc#852624). - netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729). - xfrm: invalidate dst on policy insertion/deletion (bnc#842239). xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). crypto: gf128mul - fix call to memset() (obvious fix). autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314). - autofs4: catatonic_mode vs. notify_daemon race (bnc#851314). - autofs4: close the races around autofs4_notify_daemon() (bnc#851314). - autofs4: deal with autofs4_write/autofs4_write races (bnc#851314). - autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314). - autofs4 - fix deal with autofs4_write races (bnc#851314). autofs4 - use simple_empty() for empty directory check (bnc#851314). blkdev_max_block: make private to fs/buffer.c (bnc#820338). Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473). dlm: set zero linger time on sctp socket (bnc#787843). - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (bnc#855037) - nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236). nfs: Adapt readdirplus to application usage patterns (bnc#834708). xfs: Account log unmount transaction correctly (bnc#849950). - xfs: improve ioend error handling (bnc#846036). - xfs: reduce ioend latency (bnc#846036). - xfs: use per-filesystem I/O completion workqueues (bnc#846036). xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544). vfs: avoid 'attempt to access beyond end of device' warnings (bnc#820338). vfs: fix O_DIRECT read past end of block device (bnc#820338). cifs: Improve performance of browsing directories with several files (bnc#810323). cifs: Ensure cifs directories do not show up as files (bnc#826602). sd: avoid deadlocks when running under multipath (bnc#818545). - sd: fix crash when UA received on DIF enabled device (bnc#841445). sg: fix blk_get_queue usage (bnc#834808). block: factor out vector mergeable decision to a helper function (bnc#769644). block: modify __bio_add_page check to accept pages that do not start a new segment (bnc#769644). dm-multipath: abort all requests when failing a path (bnc#798050). - scsi: Add 'eh_deadline' to limit SCSI EH runtime (bnc#798050). - scsi: Allow error handling timeout to be specified (bnc#798050). - scsi: Fixup compilation warning (bnc#798050). - scsi: Retry failfast commands after EH (bnc#798050). - scsi: Warn on invalid command completion (bnc#798050). - scsi: kABI fixes (bnc#798050). - scsi: remove check for 'resetting' (bnc#798050). - advansys: Remove 'last_reset' references (bnc#798050). - cleanup setting task state in scsi_error_handler() (bnc#798050). - dc395: Move 'last_reset' into internal host structure (bnc#798050). - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050). - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050). tmscsim: Move 'last_reset' into host structure (bnc#798050). scsi_dh: invoke callback if ->activate is not present (bnc#708296). - scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296). - scsi_dh_alua: Decode EMC Clariion extended inquiry (bnc#708296). - scsi_dh_alua: Decode HP EVA array identifier (bnc#708296). - scsi_dh_alua: Evaluate state for all port groups (bnc#708296). - scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642). - scsi_dh_alua: Make stpg synchronous (bnc#708296). - scsi_dh_alua: Pass buffer as function argument (bnc#708296). - scsi_dh_alua: Re-evaluate port group states after STPG (bnc#708296). - scsi_dh_alua: Recheck state on transitioning (bnc#708296). - scsi_dh_alua: Rework rtpg workqueue (bnc#708296). - scsi_dh_alua: Use separate alua_port_group structure (bnc#708296). - scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407). - scsi_dh_alua: asynchronous RTPG (bnc#708296). - scsi_dh_alua: correctly terminate target port strings (bnc#708296). - scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296). - scsi_dh_alua: Do not attach to RAID or enclosure devices (bnc#819979). - scsi_dh_alua: Do not attach to well-known LUNs (bnc#821980). - scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296). - scsi_dh_alua: invalid state information for 'optimized' paths (bnc#843445). - scsi_dh_alua: move RTPG to workqueue (bnc#708296). - scsi_dh_alua: move 'expiry' into PG structure (bnc#708296). - scsi_dh_alua: move some sense code handling into generic code (bnc#813245). - scsi_dh_alua: multipath failover fails with error 15 (bnc#825696). - scsi_dh_alua: parse target device id (bnc#708296). - scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296). - scsi_dh_alua: put sense buffer on stack (bnc#708296). - scsi_dh_alua: reattaching device handler fails with 'Error 15' (bnc#843429). - scsi_dh_alua: remove locking when checking state (bnc#708296). - scsi_dh_alua: remove stale variable (bnc#708296). - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296). - scsi_dh_alua: retry command on 'mode parameter changed' sense code (bnc#843645). - scsi_dh_alua: simplify alua_check_sense() (bnc#843642). - scsi_dh_alua: simplify state update (bnc#708296). - scsi_dh_alua: use delayed_work (bnc#708296). - scsi_dh_alua: use flag for RTPG extended header (bnc#708296). - scsi_dh_alua: use local buffer for VPD inquiry (bnc#708296). scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296). lpfc: Do not free original IOCB whenever ABTS fails (bnc#806988). - lpfc: Fix kernel warning on spinlock usage (bnc#806988). lpfc: Fixed system panic due to midlayer abort (bnc#806988). qla2xxx: Add module parameter to override the default request queue size (bnc#826756). qla2xxx: Module parameter 'ql2xasynclogin' (bnc#825896). bna: do not register ndo_set_rx_mode callback (bnc#847261). - hv: handle more than just WS2008 in KVP negotiation (bnc#850640). drm: do not add inferred modes for monitors that do not support them (bnc#849809). pci/quirks: Modify reset method for Chelsio T4 (bnc#831168). - pci: fix truncation of resource size to 32 bits (bnc#843419). - pci: pciehp: Retrieve link speed after link is trained (bnc#820102). - pci: Separate pci_bus_read_dev_vendor_id from pci_scan_device (bnc#820102). - pci: pciehp: replace unconditional sleep with config space access check (bnc#820102). - pci: pciehp: make check_link_active more helpful (bnc#820102). - pci: pciehp: Add pcie_wait_link_not_active() (bnc#820102). - pci: pciehp: Add Disable/enable link functions (bnc#820102). pci: pciehp: Disable/enable link during slot power off/on (bnc#820102). mlx4: allocate just enough pages instead of always 4 pages (bnc#835186 bnc#835074). - mlx4: allow order-0 memory allocations in RX path (bnc#835186 bnc#835074). - net/mlx4: use one page fragment per incoming frame (bnc#835186 bnc#835074). qeth: request length checking in snmp ioctl (bnc#849848, LTC#99511). cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047). - s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047). - s390/cio: skip broken paths (bnc#837739,LTC#97047). - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047). - s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 83608
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83608
    title SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0140-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2064-1.NASL
    description Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. (CVE-2013-4345) A flaw was discovered in the Linux kernel's IP Virtual Server (IP_VS) support. A local user with the CAP_NET_ADMIN capability could exploit this flaw to gain additional administrative privileges. (CVE-2013-4588) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378) Nico Golde reported a flaw in the Linux kernel's userspace IO (uio) driver. A local user could exploit this flaw to cause a denial of service (memory corruption) or possibly gain privileges. (CVE-2013-6763). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 71791
    published 2014-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71791
    title Ubuntu 10.04 LTS : linux vulnerabilities (USN-2064-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2114-1.NASL
    description Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ability to assign a device could exploit this flaw to cause a denial of service (memory consumption). (CVE-2013-4592) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378) Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 72577
    published 2014-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72577
    title Ubuntu 12.10 : linux vulnerabilities (USN-2114-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-140124.NASL
    description The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053). (CVE-2013-6376) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) - arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006). (CVE-2013-2146) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362). (CVE-2013-2930) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). - kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor. (bnc#845378) - cpuidle: add a sysfs entry to disable specific C state for debug purpose. (bnc#845378) - net: Do not enable tx-nocache-copy by default. (bnc#845378) - mm: reschedule to avoid RCU stall triggering during boot of large machines. (bnc#820434,bnc#852153) - rtc-cmos: Add an alarm disable quirk. (bnc#805740) - tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). - tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). - sched: Avoid throttle_cfs_rq() racing with period_timer stopping. (bnc#848336) - sched/balancing: Periodically decay max cost of idle balance. (bnc#849256) - sched: Consider max cost of idle balance per sched domain. (bnc#849256) - sched: Reduce overestimating rq->avg_idle. (bnc#849256) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code. (bnc#851603) - futexes: Clean up various details. (bnc#851603) - futexes: Increase hash table size for better performance. (bnc#851603) - futexes: Document multiprocessor ordering guarantees. (bnc#851603) - futexes: Avoid taking the hb->lock if there is nothing to wake up. (bnc#851603) - futexes: Fix futex_hashsize initialization. (bnc#851603) - mutex: Make more scalable by doing fewer atomic operations. (bnc#849256) - powerpc: Fix memory hotplug with sparse vmemmap. (bnc#827527) - powerpc: Add System RAM to /proc/iomem. (bnc#827527) - powerpc/mm: Mark Memory Resources as busy. (bnc#827527) - powerpc: Fix fatal SLB miss when restoring PPR. (bnc#853465) - powerpc: Make function that parses RTAS error logs global. (bnc#852761) - powerpc/pseries: Parse and handle EPOW interrupts. (bnc#852761) - powerpc/rtas_flash: Fix validate_flash buffer overflow issue. (bnc#847842) - powerpc/rtas_flash: Fix bad memory access. (bnc#847842) - x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus. (bnc#770541) - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error. (bnc#843654) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - x86/PCI: reduce severity of host bridge window conflict warnings. (bnc#858534) - ipv6: fix race condition regarding dst->expires and dst->from. (bnc#843185) - netback: bump tx queue length. (bnc#849404) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - fs: Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk. (bnc#850324) - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4: fix deal with autofs4_write races. (bnc#851314) - autofs4: use simple_empty() for empty directory check. (bnc#851314) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). - vfs: avoid 'attempt to access beyond end of device' warnings. (bnc#820338) - vfs: fix O_DIRECT read past end of block device. (bnc#820338) - cifs: Improve performance of browsing directories with several files. (bnc#810323) - cifs: Ensure cifs directories do not show up as files. (bnc#826602) - dm-multipath: abort all requests when failing a path. (bnc#798050) - scsi: Add 'eh_deadline' to limit SCSI EH runtime. (bnc#798050) - scsi: Allow error handling timeout to be specified. (bnc#798050) - scsi: Fixup compilation warning. (bnc#798050) - scsi: Retry failfast commands after EH. (bnc#798050) - scsi: Warn on invalid command completion. (bnc#798050) - advansys: Remove 'last_reset' references. (bnc#798050) - cleanup setting task state in scsi_error_handler(). (bnc#798050) - dc395: Move 'last_reset' into internal host structure. (bnc#798050) - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#798050) - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset. (bnc#798050) - scsi: kABI fixes. (bnc#798050) - scsi: remove check for 'resetting'. (bnc#798050) - tmscsim: Move 'last_reset' into host structure. (bnc#798050) - SCSI & usb-storage: add try_rc_10_first flag. (bnc#853428) - iscsi_target: race condition on shutdown. (bnc#850072) - libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception. (bnc#837206) - lpfc 8.3.42: Fixed issue of task management commands having a fixed timeout. (bnc#856481) - advansys: Remove 'last_reset' references. (bnc#856481) - dc395: Move 'last_reset' into internal host structure. (bnc#856481) - Add 'eh_deadline' to limit SCSI EH runtime. (bnc#856481) - remove check for 'resetting'. (bnc#856481) - tmscsim: Move 'last_reset' into host structure. (bnc#856481) - scsi_dh_rdac: Add new IBM 1813 product id to rdac devlist. (bnc#846654) - md: Change handling of save_raid_disk and metadata update during recovery. (bnc#849364) - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#856481) - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset. (bnc#856481) - crypto: unload of aes_s390 module causes kernel panic (bnc#847660, LTC#98706). - crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). - crypto: gf128mul - fix call to memset() (obvious fix). - X.509: Fix certificate gathering. (bnc#805114) - pcifront: Deal with toolstack missing 'XenbusStateClosing' state. - xencons: generalize use of add_preferred_console(). (bnc#733022, bnc#852652) - netxen: fix off by one bug in netxen_release_tx_buffer(). (bnc#845729) - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue. (bnc#852624) - igb: Fix get_fw_version function for all parts. (bnc#848317) - igb: Refactor of init_nvm_params. (bnc#848317) - r8169: check ALDPS bit and disable it if enabled for the 8168g. (bnc#845352) - qeth: request length checking in snmp ioctl (bnc#847660, LTC#99511). - bnx2x: remove false warning regarding interrupt number. (bnc#769035) - usb: Fix xHCI host issues on remote wakeup. (bnc#846989) - xhci: Limit the spurious wakeup fix only to HP machines. (bnc#833097) - Intel xhci: refactor EHCI/xHCI port switching. (bnc#840116) - xhci-hub.c: preserved kABI. (bnc#840116) - xhci: Refactor port status into a new function. (bnc#840116) - HID: multitouch: Add support for NextWindow 0340 touchscreen. (bnc#849855) - HID: multitouch: Add support for Qaunta 3027 touchscreen. (bnc#854516) - HID: multitouch: add support for Atmel 212c touchscreen. (bnc#793727) - HID: multitouch: partial support of win8 devices. (bnc#854516,bnc#793727,bnc#849855) - HID: hid-multitouch: add support for the IDEACOM 6650 chip. (bnc#854516,bnc#793727,bnc#849855) - ALSA: hda - Fix inconsistent mic-mute LED. (bnc#848864) - ALSA: hda - load EQ params into IDT codec on HP bNB13 systems. (bnc#850493) - lpfc: correct some issues with txcomplq processing. (bnc#818064) - lpfc: correct an issue with rrq processing. (bnc#818064) - block: factor out vector mergeable decision to a helper function. (bnc#769644) - block: modify __bio_add_page check to accept pages that do not start a new segment. (bnc#769644) - sd: avoid deadlocks when running under multipath. (bnc#818545) - sd: fix crash when UA received on DIF enabled device. (bnc#841445) - sg: fix blk_get_queue usage. (bnc#834808) - lpfc: Do not free original IOCB whenever ABTS fails. (bnc#806988) - lpfc: Fix kernel warning on spinlock usage. (bnc#806988) - lpfc: Fixed system panic due to midlayer abort. (bnc#806988) - qla2xxx: Add module parameter to override the default request queue size. (bnc#826756) - qla2xxx: Module parameter 'ql2xasynclogin'. (bnc#825896) - Pragmatic workaround for realtime class abuse induced latency issues. - Provide realtime priority kthread and workqueue boot options. (bnc#836718) - mlx4: allocate just enough pages instead of always 4 pages. (bnc#835186 / bnc#835074) - mlx4: allow order-0 memory allocations in RX path. (bnc#835186 / bnc#835074) - net/mlx4: use one page fragment per incoming frame. (bnc#835186 / bnc#835074) - bna: do not register ndo_set_rx_mode callback. (bnc#847261) - PCI: pciehp: Retrieve link speed after link is trained. (bnc#820102) - PCI: Separate pci_bus_read_dev_vendor_id from pci_scan_device. (bnc#820102) - PCI: pciehp: replace unconditional sleep with config space access check. (bnc#820102) - PCI: pciehp: make check_link_active more helpful. (bnc#820102) - PCI: pciehp: Add pcie_wait_link_not_active(). (bnc#820102) - PCI: pciehp: Add Disable/enable link functions. (bnc#820102) - PCI: pciehp: Disable/enable link during slot power off/on. (bnc#820102) - PCI: fix truncation of resource size to 32 bits. (bnc#843419) - hv: handle more than just WS2008 in KVP negotiation. (bnc#850640) - mei: ME hardware reset needs to be synchronized. (bnc#821619) - kabi: Restore struct irq_desc::timer_rand_state. - fs3270: unloading module does not remove device (bnc#851879, LTC#100284). - cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047). - isci: Fix a race condition in the SSP task management path. (bnc#826978) - ptp: dynamic allocation of PHC char devices. (bnc#851290) - efifb: prevent null-deref when iterating dmi_list. (bnc#848055) - dm-mpath: Fixup race condition in activate_path(). (bnc#708296) - dm-mpath: do not detach stale hardware handler. (bnc#708296) - dm-multipath: Improve logging. (bnc#708296) - scsi_dh: invoke callback if ->activate is not present. (bnc#708296) - scsi_dh: return individual errors in scsi_dh_activate(). (bnc#708296) - scsi_dh_alua: Decode EMC Clariion extended inquiry. (bnc#708296) - scsi_dh_alua: Decode HP EVA array identifier. (bnc#708296) - scsi_dh_alua: Evaluate state for all port groups. (bnc#708296) - scsi_dh_alua: Fix missing close brace in alua_check_sense. (bnc#843642) - scsi_dh_alua: Make stpg synchronous. (bnc#708296) - scsi_dh_alua: Pass buffer as function argument. (bnc#708296) - scsi_dh_alua: Re-evaluate port group states after STPG. (bnc#708296) - scsi_dh_alua: Recheck state on transitioning. (bnc#708296) - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296) - scsi_dh_alua: Use separate alua_port_group structure. (bnc#708296) - scsi_dh_alua: Allow get_alua_data() to return NULL. (bnc#839407) - scsi_dh_alua: asynchronous RTPG. (bnc#708296) - scsi_dh_alua: correctly terminate target port strings. (bnc#708296) - scsi_dh_alua: defer I/O while workqueue item is pending. (bnc#708296) - scsi_dh_alua: Do not attach to RAID or enclosure devices. (bnc#819979) - scsi_dh_alua: Do not attach to well-known LUNs. (bnc#821980) - scsi_dh_alua: fine-grained locking in alua_rtpg_work(). (bnc#708296) - scsi_dh_alua: invalid state information for 'optimized' paths. (bnc#843445) - scsi_dh_alua: move RTPG to workqueue. (bnc#708296) - scsi_dh_alua: move 'expiry' into PG structure. (bnc#708296) - scsi_dh_alua: move some sense code handling into generic code. (bnc#813245) - scsi_dh_alua: multipath failover fails with error 15. (bnc#825696) - scsi_dh_alua: parse target device id. (bnc#708296) - scsi_dh_alua: protect accesses to struct alua_port_group. (bnc#708296) - scsi_dh_alua: put sense buffer on stack. (bnc#708296) - scsi_dh_alua: reattaching device handler fails with 'Error 15'. (bnc#843429) - scsi_dh_alua: remove locking when checking state. (bnc#708296) - scsi_dh_alua: remove stale variable. (bnc#708296) - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296) - scsi_dh_alua: retry command on 'mode parameter changed' sense code. (bnc#843645) - scsi_dh_alua: simplify alua_check_sense(). (bnc#843642) - scsi_dh_alua: simplify state update. (bnc#708296) - scsi_dh_alua: use delayed_work. (bnc#708296) - scsi_dh_alua: use flag for RTPG extended header. (bnc#708296) - scsi_dh_alua: use local buffer for VPD inquiry. (bnc#708296) - scsi_dh_alua: use spin_lock_irqsave for port group. (bnc#708296) - scsi_dh_alua: defer I/O while workqueue item is pending. (bnc#708296) - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296) - scsi_dh_alua: use delayed_work. (bnc#708296) - scsi_dh_alua: move 'expiry' into PG structure. (bnc#708296) - scsi_dh: invoke callback if ->activate is not present. (bnc#708296) - scsi_dh_alua: correctly terminate target port strings. (bnc#708296) - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296) - scsi_dh_alua: protect accesses to struct alua_port_group. (bnc#708296) - scsi_dh_alua: fine-grained locking in alua_rtpg_work(). (bnc#708296) - scsi_dh_alua: use spin_lock_irqsave for port group. (bnc#708296) - scsi_dh_alua: remove locking when checking state. (bnc#708296) - scsi_dh_alua: remove stale variable. (bnc#708296) - scsi_dh: return individual errors in scsi_dh_activate(). (bnc#708296) - scsi_dh_alua: fixup misplaced brace in alua_initialize(). (bnc#858831) - drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam (bnc#831103,FATE#316109). - drm/i915: add I915_EXEC_VEBOX to i915_gem_do_execbuffer() (bnc#831103,FATE#316109). - drm/i915: add VEBOX into debugfs (bnc#831103,FATE#316109). - drm/i915: Enable vebox interrupts (bnc#831103,FATE#316109). - drm/i915: vebox interrupt get/put (bnc#831103,FATE#316109). - drm/i915: consolidate interrupt naming scheme (bnc#831103,FATE#316109). - drm/i915: Convert irq_refounct to struct (bnc#831103,FATE#316109). - drm/i915: make PM interrupt writes non-destructive (bnc#831103,FATE#316109). - drm/i915: Add PM regs to pre/post install (bnc#831103,FATE#316109). - drm/i915: Create an ivybridge_irq_preinstall (bnc#831103,FATE#316109). - drm/i915: Create a more generic pm handler for hsw+ (bnc#831103,FATE#316109). - drm/i915: Vebox ringbuffer init (bnc#831103,FATE#316109). - drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109). - drm/i915: Rename ring flush functions (bnc#831103,FATE#316109). - drm/i915: Add VECS semaphore bits (bnc#831103,FATE#316109). - drm/i915: Introduce VECS: the 4th ring (bnc#831103,FATE#316109). - drm/i915: Semaphore MBOX update generalization (bnc#831103,FATE#316109). - drm/i915: Comments for semaphore clarification (bnc#831103,FATE#316109). - drm/i915: fix gen4 digital port hotplug definitions. (bnc#850103) - drm/mgag200: Bug fix: Modified pll algorithm for EH project. (bnc#841654) - drm: do not add inferred modes for monitors that do not support them. (bnc#849809) - s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047). - s390/cio: skip broken paths (bnc#837739,LTC#97047). - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047). - s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047).
    last seen 2019-02-21
    modified 2014-02-10
    plugin id 72324
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72324
    title SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 8826)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-140125.NASL
    description The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053). (CVE-2013-6376) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) - arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006). (CVE-2013-2146) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362). (CVE-2013-2930) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). - kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor. (bnc#845378) - cpuidle: add a sysfs entry to disable specific C state for debug purpose. (bnc#845378) - net: Do not enable tx-nocache-copy by default. (bnc#845378) - mm: reschedule to avoid RCU stall triggering during boot of large machines. (bnc#820434,bnc#852153) - rtc-cmos: Add an alarm disable quirk. (bnc#805740) - tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). - tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). - sched: Avoid throttle_cfs_rq() racing with period_timer stopping. (bnc#848336) - sched/balancing: Periodically decay max cost of idle balance. (bnc#849256) - sched: Consider max cost of idle balance per sched domain. (bnc#849256) - sched: Reduce overestimating rq->avg_idle. (bnc#849256) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code. (bnc#851603) - futexes: Clean up various details. (bnc#851603) - futexes: Increase hash table size for better performance. (bnc#851603) - futexes: Document multiprocessor ordering guarantees. (bnc#851603) - futexes: Avoid taking the hb->lock if there is nothing to wake up. (bnc#851603) - futexes: Fix futex_hashsize initialization. (bnc#851603) - mutex: Make more scalable by doing fewer atomic operations. (bnc#849256) - powerpc: Fix memory hotplug with sparse vmemmap. (bnc#827527) - powerpc: Add System RAM to /proc/iomem. (bnc#827527) - powerpc/mm: Mark Memory Resources as busy. (bnc#827527) - powerpc: Fix fatal SLB miss when restoring PPR. (bnc#853465) - powerpc: Make function that parses RTAS error logs global. (bnc#852761) - powerpc/pseries: Parse and handle EPOW interrupts. (bnc#852761) - powerpc/rtas_flash: Fix validate_flash buffer overflow issue. (bnc#847842) - powerpc/rtas_flash: Fix bad memory access. (bnc#847842) - x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus. (bnc#770541) - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error. (bnc#843654) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - x86/PCI: reduce severity of host bridge window conflict warnings. (bnc#858534) - ipv6: fix race condition regarding dst->expires and dst->from. (bnc#843185) - netback: bump tx queue length. (bnc#849404) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - fs: Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk. (bnc#850324) - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4: fix deal with autofs4_write races. (bnc#851314) - autofs4: use simple_empty() for empty directory check. (bnc#851314) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). - vfs: avoid 'attempt to access beyond end of device' warnings. (bnc#820338) - vfs: fix O_DIRECT read past end of block device. (bnc#820338) - cifs: Improve performance of browsing directories with several files. (bnc#810323) - cifs: Ensure cifs directories do not show up as files. (bnc#826602) - dm-multipath: abort all requests when failing a path. (bnc#798050) - scsi: Add 'eh_deadline' to limit SCSI EH runtime. (bnc#798050) - scsi: Allow error handling timeout to be specified. (bnc#798050) - scsi: Fixup compilation warning. (bnc#798050) - scsi: Retry failfast commands after EH. (bnc#798050) - scsi: Warn on invalid command completion. (bnc#798050) - advansys: Remove 'last_reset' references. (bnc#798050) - cleanup setting task state in scsi_error_handler(). (bnc#798050) - dc395: Move 'last_reset' into internal host structure. (bnc#798050) - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#798050) - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset. (bnc#798050) - scsi: kABI fixes. (bnc#798050) - scsi: remove check for 'resetting'. (bnc#798050) - tmscsim: Move 'last_reset' into host structure. (bnc#798050) - SCSI & usb-storage: add try_rc_10_first flag. (bnc#853428) - iscsi_target: race condition on shutdown. (bnc#850072) - libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception. (bnc#837206) - lpfc 8.3.42: Fixed issue of task management commands having a fixed timeout. (bnc#856481) - advansys: Remove 'last_reset' references. (bnc#856481) - dc395: Move 'last_reset' into internal host structure. (bnc#856481) - Add 'eh_deadline' to limit SCSI EH runtime. (bnc#856481) - remove check for 'resetting'. (bnc#856481) - tmscsim: Move 'last_reset' into host structure. (bnc#856481) - scsi_dh_rdac: Add new IBM 1813 product id to rdac devlist. (bnc#846654) - md: Change handling of save_raid_disk and metadata update during recovery. (bnc#849364) - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#856481) - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset. (bnc#856481) - crypto: unload of aes_s390 module causes kernel panic (bnc#847660, LTC#98706). - crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). - crypto: gf128mul - fix call to memset() (obvious fix). - X.509: Fix certificate gathering. (bnc#805114) - pcifront: Deal with toolstack missing 'XenbusStateClosing' state. - xencons: generalize use of add_preferred_console(). (bnc#733022, bnc#852652) - netxen: fix off by one bug in netxen_release_tx_buffer(). (bnc#845729) - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue. (bnc#852624) - igb: Fix get_fw_version function for all parts. (bnc#848317) - igb: Refactor of init_nvm_params. (bnc#848317) - r8169: check ALDPS bit and disable it if enabled for the 8168g. (bnc#845352) - qeth: request length checking in snmp ioctl (bnc#847660, LTC#99511). - bnx2x: remove false warning regarding interrupt number. (bnc#769035) - usb: Fix xHCI host issues on remote wakeup. (bnc#846989) - xhci: Limit the spurious wakeup fix only to HP machines. (bnc#833097) - Intel xhci: refactor EHCI/xHCI port switching. (bnc#840116) - xhci-hub.c: preserved kABI. (bnc#840116) - xhci: Refactor port status into a new function. (bnc#840116) - HID: multitouch: Add support for NextWindow 0340 touchscreen. (bnc#849855) - HID: multitouch: Add support for Qaunta 3027 touchscreen. (bnc#854516) - HID: multitouch: add support for Atmel 212c touchscreen. (bnc#793727) - HID: multitouch: partial support of win8 devices. (bnc#854516,bnc#793727,bnc#849855) - HID: hid-multitouch: add support for the IDEACOM 6650 chip. (bnc#854516,bnc#793727,bnc#849855) - ALSA: hda - Fix inconsistent mic-mute LED. (bnc#848864) - ALSA: hda - load EQ params into IDT codec on HP bNB13 systems. (bnc#850493) - lpfc: correct some issues with txcomplq processing. (bnc#818064) - lpfc: correct an issue with rrq processing. (bnc#818064) - block: factor out vector mergeable decision to a helper function. (bnc#769644) - block: modify __bio_add_page check to accept pages that do not start a new segment. (bnc#769644) - sd: avoid deadlocks when running under multipath. (bnc#818545) - sd: fix crash when UA received on DIF enabled device. (bnc#841445) - sg: fix blk_get_queue usage. (bnc#834808) - lpfc: Do not free original IOCB whenever ABTS fails. (bnc#806988) - lpfc: Fix kernel warning on spinlock usage. (bnc#806988) - lpfc: Fixed system panic due to midlayer abort. (bnc#806988) - qla2xxx: Add module parameter to override the default request queue size. (bnc#826756) - qla2xxx: Module parameter 'ql2xasynclogin'. (bnc#825896) - Pragmatic workaround for realtime class abuse induced latency issues. - Provide realtime priority kthread and workqueue boot options. (bnc#836718) - mlx4: allocate just enough pages instead of always 4 pages. (bnc#835186 / bnc#835074) - mlx4: allow order-0 memory allocations in RX path. (bnc#835186 / bnc#835074) - net/mlx4: use one page fragment per incoming frame. (bnc#835186 / bnc#835074) - bna: do not register ndo_set_rx_mode callback. (bnc#847261) - PCI: pciehp: Retrieve link speed after link is trained. (bnc#820102) - PCI: Separate pci_bus_read_dev_vendor_id from pci_scan_device. (bnc#820102) - PCI: pciehp: replace unconditional sleep with config space access check. (bnc#820102) - PCI: pciehp: make check_link_active more helpful. (bnc#820102) - PCI: pciehp: Add pcie_wait_link_not_active(). (bnc#820102) - PCI: pciehp: Add Disable/enable link functions. (bnc#820102) - PCI: pciehp: Disable/enable link during slot power off/on. (bnc#820102) - PCI: fix truncation of resource size to 32 bits. (bnc#843419) - hv: handle more than just WS2008 in KVP negotiation. (bnc#850640) - mei: ME hardware reset needs to be synchronized. (bnc#821619) - kabi: Restore struct irq_desc::timer_rand_state. - fs3270: unloading module does not remove device (bnc#851879, LTC#100284). - cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047). - isci: Fix a race condition in the SSP task management path. (bnc#826978) - ptp: dynamic allocation of PHC char devices. (bnc#851290) - efifb: prevent null-deref when iterating dmi_list. (bnc#848055) - dm-mpath: Fixup race condition in activate_path(). (bnc#708296) - dm-mpath: do not detach stale hardware handler. (bnc#708296) - dm-multipath: Improve logging. (bnc#708296) - scsi_dh: invoke callback if ->activate is not present. (bnc#708296) - scsi_dh: return individual errors in scsi_dh_activate(). (bnc#708296) - scsi_dh_alua: Decode EMC Clariion extended inquiry. (bnc#708296) - scsi_dh_alua: Decode HP EVA array identifier. (bnc#708296) - scsi_dh_alua: Evaluate state for all port groups. (bnc#708296) - scsi_dh_alua: Fix missing close brace in alua_check_sense. (bnc#843642) - scsi_dh_alua: Make stpg synchronous. (bnc#708296) - scsi_dh_alua: Pass buffer as function argument. (bnc#708296) - scsi_dh_alua: Re-evaluate port group states after STPG. (bnc#708296) - scsi_dh_alua: Recheck state on transitioning. (bnc#708296) - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296) - scsi_dh_alua: Use separate alua_port_group structure. (bnc#708296) - scsi_dh_alua: Allow get_alua_data() to return NULL. (bnc#839407) - scsi_dh_alua: asynchronous RTPG. (bnc#708296) - scsi_dh_alua: correctly terminate target port strings. (bnc#708296) - scsi_dh_alua: defer I/O while workqueue item is pending. (bnc#708296) - scsi_dh_alua: Do not attach to RAID or enclosure devices. (bnc#819979) - scsi_dh_alua: Do not attach to well-known LUNs. (bnc#821980) - scsi_dh_alua: fine-grained locking in alua_rtpg_work(). (bnc#708296) - scsi_dh_alua: invalid state information for 'optimized' paths. (bnc#843445) - scsi_dh_alua: move RTPG to workqueue. (bnc#708296) - scsi_dh_alua: move 'expiry' into PG structure. (bnc#708296) - scsi_dh_alua: move some sense code handling into generic code. (bnc#813245) - scsi_dh_alua: multipath failover fails with error 15. (bnc#825696) - scsi_dh_alua: parse target device id. (bnc#708296) - scsi_dh_alua: protect accesses to struct alua_port_group. (bnc#708296) - scsi_dh_alua: put sense buffer on stack. (bnc#708296) - scsi_dh_alua: reattaching device handler fails with 'Error 15'. (bnc#843429) - scsi_dh_alua: remove locking when checking state. (bnc#708296) - scsi_dh_alua: remove stale variable. (bnc#708296) - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296) - scsi_dh_alua: retry command on 'mode parameter changed' sense code. (bnc#843645) - scsi_dh_alua: simplify alua_check_sense(). (bnc#843642) - scsi_dh_alua: simplify state update. (bnc#708296) - scsi_dh_alua: use delayed_work. (bnc#708296) - scsi_dh_alua: use flag for RTPG extended header. (bnc#708296) - scsi_dh_alua: use local buffer for VPD inquiry. (bnc#708296) - scsi_dh_alua: use spin_lock_irqsave for port group. (bnc#708296) - scsi_dh_alua: defer I/O while workqueue item is pending. (bnc#708296) - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296) - scsi_dh_alua: use delayed_work. (bnc#708296) - scsi_dh_alua: move 'expiry' into PG structure. (bnc#708296) - scsi_dh: invoke callback if ->activate is not present. (bnc#708296) - scsi_dh_alua: correctly terminate target port strings. (bnc#708296) - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296) - scsi_dh_alua: protect accesses to struct alua_port_group. (bnc#708296) - scsi_dh_alua: fine-grained locking in alua_rtpg_work(). (bnc#708296) - scsi_dh_alua: use spin_lock_irqsave for port group. (bnc#708296) - scsi_dh_alua: remove locking when checking state. (bnc#708296) - scsi_dh_alua: remove stale variable. (bnc#708296) - scsi_dh: return individual errors in scsi_dh_activate(). (bnc#708296) - scsi_dh_alua: fixup misplaced brace in alua_initialize(). (bnc#858831) - drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam (bnc#831103,FATE#316109). - drm/i915: add I915_EXEC_VEBOX to i915_gem_do_execbuffer() (bnc#831103,FATE#316109). - drm/i915: add VEBOX into debugfs (bnc#831103,FATE#316109). - drm/i915: Enable vebox interrupts (bnc#831103,FATE#316109). - drm/i915: vebox interrupt get/put (bnc#831103,FATE#316109). - drm/i915: consolidate interrupt naming scheme (bnc#831103,FATE#316109). - drm/i915: Convert irq_refounct to struct (bnc#831103,FATE#316109). - drm/i915: make PM interrupt writes non-destructive (bnc#831103,FATE#316109). - drm/i915: Add PM regs to pre/post install (bnc#831103,FATE#316109). - drm/i915: Create an ivybridge_irq_preinstall (bnc#831103,FATE#316109). - drm/i915: Create a more generic pm handler for hsw+ (bnc#831103,FATE#316109). - drm/i915: Vebox ringbuffer init (bnc#831103,FATE#316109). - drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109). - drm/i915: Rename ring flush functions (bnc#831103,FATE#316109). - drm/i915: Add VECS semaphore bits (bnc#831103,FATE#316109). - drm/i915: Introduce VECS: the 4th ring (bnc#831103,FATE#316109). - drm/i915: Semaphore MBOX update generalization (bnc#831103,FATE#316109). - drm/i915: Comments for semaphore clarification (bnc#831103,FATE#316109). - drm/i915: fix gen4 digital port hotplug definitions. (bnc#850103) - drm/mgag200: Bug fix: Modified pll algorithm for EH project. (bnc#841654) - drm: do not add inferred modes for monitors that do not support them. (bnc#849809) - s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047). - s390/cio: skip broken paths (bnc#837739,LTC#97047). - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047). - s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047).
    last seen 2019-02-21
    modified 2014-02-10
    plugin id 72325
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72325
    title SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8823 / 8827)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-113.NASL
    description The Linux kernel was updated to fix various bugs and security issues : - mm/page-writeback.c: do not count anon pages as dirtyable memory (reclaim stalls). - mm/page-writeback.c: fix dirty_balance_reserve subtraction from dirtyable memory (reclaim stalls). - compat_sys_recvmmsg X32 fix (bnc#860993 CVE-2014-0038). - hwmon: (coretemp) Fix truncated name of alarm attributes - net: fib: fib6_add: fix potential NULL pointer dereference (bnc#854173 CVE-2013-6431). - keys: fix race with concurrent install_user_keyrings() (bnc#808358)(CVE-2013-1792). - KVM: x86: Convert vapic synchronization to _cached functions (CVE-2013-6368) (bnc#853052 CVE-2013-6368). - wireless: radiotap: fix parsing buffer overrun (bnc#854634 CVE-2013-7027). - KVM: x86: fix guest-initiated crash with x2apic (CVE-2013-6376) (bnc#853053 CVE-2013-6376). - KVM: x86: Fix potential divide by 0 in lapic (CVE-2013-6367) (bnc#853051 CVE-2013-6367). - KVM: Improve create VCPU parameter (CVE-2013-4587) (bnc#853050 CVE-2013-4587). - staging: ozwpan: prevent overflow in oz_cdev_write() (bnc#849023 CVE-2013-4513). - perf/x86: Fix offcore_rsp valid mask for SNB/IVB (bnc#825006). - perf/x86: Add Intel IvyBridge event scheduling constraints (bnc#825006). - libertas: potential oops in debugfs (bnc#852559 CVE-2013-6378). - aacraid: prevent invalid pointer dereference (bnc#852373 CVE-2013-6380). - staging: wlags49_h2: buffer overflow setting station name (bnc#849029 CVE-2013-4514). - net: flow_dissector: fail on evil iph->ihl (bnc#848079 CVE-2013-4348). - Staging: bcm: info leak in ioctl (bnc#849034 CVE-2013-4515). - Refresh patches.fixes/net-rework-recvmsg-handler-msg_name-and-ms g_namelen-logic.patch. - ipv6: remove max_addresses check from ipv6_create_tempaddr (bnc#805226, CVE-2013-0343). - net: rework recvmsg handler msg_name and msg_namelen logic (bnc#854722). - crypto: ansi_cprng - Fix off by one error in non-block size request (bnc#840226). - x6: Fix reserve_initrd so that acpi_initrd_override is reached (bnc#831836). - Refresh other Xen patches. - aacraid: missing capable() check in compat ioctl (bnc#852558). - patches.fixes/gpio-ich-fix-ichx_gpio_check_available-ret urn.patch: Update upstream reference - perf/ftrace: Fix paranoid level for enabling function tracer (bnc#849362). - xhci: fix NULL pointer dereference on ring_doorbell_for_active_rings (bnc#848255). - xhci: Fix oops happening after address device timeout (bnc#848255). - xhci: Ensure a command structure points to the correct trb on the command ring (bnc#848255). - patches.arch/iommu-vt-d-remove-stack-trace-from-broken-i rq-remapping-warning.patch: Update upstream reference. - Allow NFSv4 username mapping to work properly (bnc#838024). - Refresh btrfs attribute publishing patchset to match openSUSE-13.1 No user-visible changes, but uses kobj_sysfs_ops and better kobject lifetime management. - Fix a few incorrectly checked [io_]remap_pfn_range() calls (bnc#849021, CVE-2013-4511). - drm/radeon: don't set hpd, afmt interrupts when interrupts are disabled. - patches.fixes/cifs-fill-TRANS2_QUERY_FILE_INFO-ByteCount -fields.patch: Fix TRANS2_QUERY_FILE_INFO ByteCount fields (bnc#804950). - iommu: Remove stack trace from broken irq remapping warning (bnc#844513). - Disable patches related to bnc#840656 patches.suse/btrfs-cleanup-don-t-check-the-same-thing-tw ice patches.suse/btrfs-0220-fix-for-patch-cleanup-don-t-chec k-the-same-thi.patch - btrfs: use feature attribute names to print better error messages. - btrfs: add ability to change features via sysfs. - btrfs: add publishing of unknown features in sysfs. - btrfs: publish per-super features to sysfs. - btrfs: add per-super attributes to sysfs. - btrfs: export supported featured to sysfs. - kobject: introduce kobj_completion. - btrfs: add ioctls to query/change feature bits online. - btrfs: use btrfs_commit_transaction when setting fslabel. - x86/iommu/vt-d: Expand interrupt remapping quirk to cover x58 chipset (bnc#844513). - NFSv4: Fix issues in nfs4_discover_server_trunking (bnc#811746). - iommu/vt-d: add quirk for broken interrupt remapping on 55XX chipsets (bnc#844513).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 75251
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=75251
    title openSUSE Security Update : kernel (openSUSE-SU-2014:0204-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-0771.NASL
    description From Red Hat Security Advisory 2014:0771 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important) * A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) * It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low) Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system. * It was discovered that the proc_ns_follow_link() function did not properly return the LAST_BIND value in the last pathname component as is expected for procfs symbolic links, which could lead to excessive freeing of memory and consequent slab corruption. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-0203, Moderate) * A flaw was found in the way the Linux kernel handled exceptions when user-space applications attempted to use the linkage stack. On IBM S/390 systems, a local, unprivileged user could use this flaw to crash the system. (CVE-2014-2039, Moderate) * An invalid pointer dereference flaw was found in the Marvell 8xxx Libertas WLAN (libertas) driver in the Linux kernel. A local user able to write to a file that is provided by the libertas driver and located on the debug file system (debugfs) could use this flaw to crash the system. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2013-6378, Low) * A denial of service flaw was discovered in the way the Linux kernel's SELinux implementation handled files with an empty SELinux security context. A local user who has the CAP_MAC_ADMIN capability could use this flaw to crash the system. (CVE-2014-1874, Low) Red Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738, and Vladimir Davydov of Parallels for reporting CVE-2014-0203. Google acknowledges Pinkie Pie as the original reporter of CVE-2014-3153. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-02-15
    plugin id 76155
    published 2014-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76155
    title Oracle Linux 6 : kernel (ELSA-2014-0771)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2065-1.NASL
    description Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. (CVE-2013-4345) A flaw was discovered in the Linux kernel's IP Virtual Server (IP_VS) support. A local user with the CAP_NET_ADMIN capability could exploit this flaw to gain additional administrative privileges. (CVE-2013-4588) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378) Nico Golde reported a flaw in the Linux kernel's userspace IO (uio) driver. A local user could exploit this flaw to cause a denial of service (memory corruption) or possibly gain privileges. (CVE-2013-6763). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 71792
    published 2014-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71792
    title Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2065-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2070-1.NASL
    description Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. (CVE-2013-2930) Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. (CVE-2013-4345) Jason Wang discovered a bug in the network flow dissector in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (infinite loop). (CVE-2013-4348) Multiple integer overflow flaws were discovered in the Alchemy LCD frame- buffer drivers in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges. (CVE-2013-4511) Nico Golde and Fabian Yamaguchi reported a buffer overflow in the Ozmo Devices USB over WiFi devices. A local user could exploit this flaw to cause a denial of service or possibly unspecified impact. (CVE-2013-4513) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's driver for Agere Systems HERMES II Wireless PC Cards. A local user with the CAP_NET_ADMIN capability could exploit this flaw to cause a denial of service or possibly gain administrative priviliges. (CVE-2013-4514) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's driver for Beceem WIMAX chipset based devices. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-4515) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's driver for the SystemBase Multi-2/PCI serial card. An unprivileged user could obtain sensitive information from kernel memory. (CVE-2013-4516) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378) Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380) A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. (CVE-2013-6383) Nico Golde reported a flaw in the Linux kernel's userspace IO (uio) driver. A local user could exploit this flaw to cause a denial of service (memory corruption) or possibly gain privileges. (CVE-2013-6763) A race condition flaw was discovered in the Linux kernel's ipc shared memory implimentation. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have unspecied other impacts. (CVE-2013-7026). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 71796
    published 2014-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71796
    title Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2070-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2112-1.NASL
    description Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Dave Jones and Vince Weaver reported a flaw in the Linux kernel's perf event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. (CVE-2013-2930) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ability to assign a device could exploit this flaw to cause a denial of service (memory consumption). (CVE-2013-4592) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 72575
    published 2014-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72575
    title Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2112-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-0189-1.NASL
    description The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6376: The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029) CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373) CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634) CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) CVE-2013-2146: arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006) CVE-2013-2930: The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767). - random: fix accounting race condition with lockless irq entropy_count update (bnc#789359). - blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623). - printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675). - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor (bnc#845378). - cpuidle: add a sysfs entry to disable specific C state for debug purpose (bnc#845378). - net: Do not enable tx-nocache-copy by default (bnc#845378). - mm: reschedule to avoid RCU stall triggering during boot of large machines (bnc#820434,bnc#852153). rtc-cmos: Add an alarm disable quirk (bnc#805740). tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). sched: Avoid throttle_cfs_rq() racing with period_timer stopping (bnc#848336). - sched/balancing: Periodically decay max cost of idle balance (bnc#849256). - sched: Consider max cost of idle balance per sched domain (bnc#849256). - sched: Reduce overestimating rq->avg_idle (bnc#849256). - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336). - sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336). - sched: Fix race on toggling cfs_bandwidth_used (bnc#848336). - sched: Guarantee new group-entities always have weight (bnc#848336). - sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336). sched: Fix several races in CFS_BANDWIDTH (bnc#848336). futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code (bnc#851603). - futexes: Clean up various details (bnc#851603). - futexes: Increase hash table size for better performance (bnc#851603). - futexes: Document multiprocessor ordering guarantees (bnc#851603). - futexes: Avoid taking the hb->lock if there is nothing to wake up (bnc#851603). - futexes: Fix futex_hashsize initialization (bnc#851603). mutex: Make more scalable by doing fewer atomic operations (bnc#849256). powerpc: Fix memory hotplug with sparse vmemmap (bnc#827527). - powerpc: Add System RAM to /proc/iomem (bnc#827527). - powerpc/mm: Mark Memory Resources as busy (bnc#827527). - powerpc: Fix fatal SLB miss when restoring PPR (bnc#853465). - powerpc: Make function that parses RTAS error logs global (bnc#852761). - powerpc/pseries: Parse and handle EPOW interrupts (bnc#852761). - powerpc/rtas_flash: Fix validate_flash buffer overflow issue (bnc#847842). powerpc/rtas_flash: Fix bad memory access (bnc#847842). x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus (bnc#770541). - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error (bnc#843654). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). x86/PCI: reduce severity of host bridge window conflict warnings (bnc#858534). ipv6: fix race condition regarding dst->expires and dst->from (bnc#843185). - netback: bump tx queue length (bnc#849404). - xfrm: invalidate dst on policy insertion/deletion (bnc#842239). xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984). - macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984). macvlan: disable LRO on lower device instead of macvlan (bnc#846984). fs: Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473). - blkdev_max_block: make private to fs/buffer.c (bnc#820338). storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk (bnc#850324). autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314). - autofs4: catatonic_mode vs. notify_daemon race (bnc#851314). - autofs4: close the races around autofs4_notify_daemon() (bnc#851314). - autofs4: deal with autofs4_write/autofs4_write races (bnc#851314). - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314). - autofs4: fix deal with autofs4_write races (bnc#851314). autofs4: use simple_empty() for empty directory check (bnc#851314). dlm: set zero linger time on sctp socket (bnc#787843). - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236). nfs: Adapt readdirplus to application usage patterns (bnc#834708). xfs: Account log unmount transaction correctly (bnc#849950). - xfs: improve ioend error handling (bnc#846036). - xfs: reduce ioend latency (bnc#846036). - xfs: use per-filesystem I/O completion workqueues (bnc#846036). xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544). Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). vfs: avoid 'attempt to access beyond end of device' warnings (bnc#820338). - vfs: fix O_DIRECT read past end of block device (bnc#820338). - cifs: Improve performance of browsing directories with several files (bnc#810323). cifs: Ensure cifs directories do not show up as files (bnc#826602). dm-multipath: abort all requests when failing a path (bnc#798050). - scsi: Add 'eh_deadline' to limit SCSI EH runtime (bnc#798050). - scsi: Allow error handling timeout to be specified (bnc#798050). - scsi: Fixup compilation warning (bnc#798050). - scsi: Retry failfast commands after EH (bnc#798050). - scsi: Warn on invalid command completion (bnc#798050). - advansys: Remove 'last_reset' references (bnc#798050). - cleanup setting task state in scsi_error_handler() (bnc#798050). - dc395: Move 'last_reset' into internal host structure (bnc#798050). - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050). - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050). - scsi: kABI fixes (bnc#798050). - scsi: remove check for 'resetting' (bnc#798050). tmscsim: Move 'last_reset' into host structure (bnc#798050). SCSI & usb-storage: add try_rc_10_first flag (bnc#853428). - iscsi_target: race condition on shutdown (bnc#850072). - libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception (bnc#837206). - lpfc 8.3.42: Fixed issue of task management commands having a fixed timeout (bnc#856481). - advansys: Remove 'last_reset' references (bnc#856481). - dc395: Move 'last_reset' into internal host structure (bnc#856481). - Add 'eh_deadline' to limit SCSI EH runtime (bnc#856481). - remove check for 'resetting' (bnc#856481). tmscsim: Move 'last_reset' into host structure (bnc#856481). scsi_dh_rdac: Add new IBM 1813 product id to rdac devlist (bnc#846654). md: Change handling of save_raid_disk and metadata update during recovery (bnc#849364). dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#856481). dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#856481). crypto: unload of aes_s390 module causes kernel panic (bnc#847660, LTC#98706). - crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). crypto: gf128mul - fix call to memset() (obvious fix). X.509: Fix certificate gathering (bnc#805114). pcifront: Deal with toolstack missing 'XenbusStateClosing' state. - xencons: generalize use of add_preferred_console() (bnc#733022, bnc#852652). - netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729). - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). xen: fixed USB passthrough issue (bnc#852624). igb: Fix get_fw_version function for all parts (bnc#848317). - igb: Refactor of init_nvm_params (bnc#848317). - r8169: check ALDPS bit and disable it if enabled for the 8168g (bnc#845352). - qeth: request length checking in snmp ioctl (bnc#847660, LTC#99511). bnx2x: remove false warning regarding interrupt number (bnc#769035). usb: Fix xHCI host issues on remote wakeup (bnc#846989). - xhci: Limit the spurious wakeup fix only to HP machines (bnc#833097). - Intel xhci: refactor EHCI/xHCI port switching (bnc#840116). - xhci-hub.c: preserved kABI (bnc#840116). xhci: Refactor port status into a new function (bnc#840116). HID: multitouch: Add support for NextWindow 0340 touchscreen (bnc#849855). - HID: multitouch: Add support for Qaunta 3027 touchscreen (bnc#854516). - HID: multitouch: add support for Atmel 212c touchscreen (bnc#793727). - HID: multitouch: partial support of win8 devices (bnc#854516,bnc#793727,bnc#849855). HID: hid-multitouch: add support for the IDEACOM 6650 chip (bnc#854516,bnc#793727,bnc#849855). ALSA: hda - Fix inconsistent mic-mute LED (bnc#848864). ALSA: hda - load EQ params into IDT codec on HP bNB13 systems (bnc#850493). lpfc: correct some issues with txcomplq processing (bnc#818064). lpfc: correct an issue with rrq processing (bnc#818064). block: factor out vector mergeable decision to a helper function (bnc#769644). block: modify __bio_add_page check to accept pages that do not start a new segment (bnc#769644). sd: avoid deadlocks when running under multipath (bnc#818545). - sd: fix crash when UA received on DIF enabled device (bnc#841445). sg: fix blk_get_queue usage (bnc#834808). lpfc: Do not free original IOCB whenever ABTS fails (bnc#806988). - lpfc: Fix kernel warning on spinlock usage (bnc#806988). lpfc: Fixed system panic due to midlayer abort (bnc#806988). qla2xxx: Add module parameter to override the default request queue size (bnc#826756). qla2xxx: Module parameter 'ql2xasynclogin' (bnc#825896). Pragmatic workaround for realtime class abuse induced latency issues. Provide realtime priority kthread and workqueue boot options (bnc#836718). mlx4: allocate just enough pages instead of always 4 pages (bnc#835186 bnc#835074). - mlx4: allow order-0 memory allocations in RX path (bnc#835186 bnc#835074). - net/mlx4: use one page fragment per incoming frame (bnc#835186 bnc#835074). bna: do not register ndo_set_rx_mode callback (bnc#847261). PCI: pciehp: Retrieve link speed after link is trained (bnc#820102). - PCI: Separate pci_bus_read_dev_vendor_id from pci_scan_device (bnc#820102). - PCI: pciehp: replace unconditional sleep with config space access check (bnc#820102). - PCI: pciehp: make check_link_active more helpful (bnc#820102). - PCI: pciehp: Add pcie_wait_link_not_active() (bnc#820102). - PCI: pciehp: Add Disable/enable link functions (bnc#820102). - PCI: pciehp: Disable/enable link during slot power off/on (bnc#820102). PCI: fix truncation of resource size to 32 bits (bnc#843419). hv: handle more than just WS2008 in KVP negotiation (bnc#850640). mei: ME hardware reset needs to be synchronized (bnc#821619). kabi: Restore struct irq_desc::timer_rand_state. fs3270: unloading module does not remove device (bnc#851879, LTC#100284). cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047). isci: Fix a race condition in the SSP task management path (bnc#826978). ptp: dynamic allocation of PHC char devices (bnc#851290). efifb: prevent null-deref when iterating dmi_list (bnc#848055). dm-mpath: Fixup race condition in activate_path() (bnc#708296). - dm-mpath: do not detach stale hardware handler (bnc#708296). dm-multipath: Improve logging (bnc#708296). scsi_dh: invoke callback if ->activate is not present (bnc#708296). - scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296). - scsi_dh_alua: Decode EMC Clariion extended inquiry (bnc#708296). - scsi_dh_alua: Decode HP EVA array identifier (bnc#708296). - scsi_dh_alua: Evaluate state for all port groups (bnc#708296). - scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642). - scsi_dh_alua: Make stpg synchronous (bnc#708296). - scsi_dh_alua: Pass buffer as function argument (bnc#708296). - scsi_dh_alua: Re-evaluate port group states after STPG (bnc#708296). - scsi_dh_alua: Recheck state on transitioning (bnc#708296). - scsi_dh_alua: Rework rtpg workqueue (bnc#708296). - scsi_dh_alua: Use separate alua_port_group structure (bnc#708296). - scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407). - scsi_dh_alua: asynchronous RTPG (bnc#708296). - scsi_dh_alua: correctly terminate target port strings (bnc#708296). - scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296). - scsi_dh_alua: Do not attach to RAID or enclosure devices (bnc#819979). - scsi_dh_alua: Do not attach to well-known LUNs (bnc#821980). - scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296). - scsi_dh_alua: invalid state information for 'optimized' paths (bnc#843445). - scsi_dh_alua: move RTPG to workqueue (bnc#708296). - scsi_dh_alua: move 'expiry' into PG structure (bnc#708296). - scsi_dh_alua: move some sense code handling into generic code (bnc#813245). - scsi_dh_alua: multipath failover fails with error 15 (bnc#825696). - scsi_dh_alua: parse target device id (bnc#708296). - scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296). - scsi_dh_alua: put sense buffer on stack (bnc#708296). - scsi_dh_alua: reattaching device handler fails with 'Error 15' (bnc#843429). - scsi_dh_alua: remove locking when checking state (bnc#708296). - scsi_dh_alua: remove stale variable (bnc#708296). - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296). - scsi_dh_alua: retry command on 'mode parameter changed' sense code (bnc#843645). - scsi_dh_alua: simplify alua_check_sense() (bnc#843642). - scsi_dh_alua: simplify state update (bnc#708296). - scsi_dh_alua: use delayed_work (bnc#708296). - scsi_dh_alua: use flag for RTPG extended header (bnc#708296). - scsi_dh_alua: use local buffer for VPD inquiry (bnc#708296). - scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296). - scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296). - scsi_dh_alua: Rework rtpg workqueue (bnc#708296). - scsi_dh_alua: use delayed_work (bnc#708296). - scsi_dh_alua: move 'expiry' into PG structure (bnc#708296). - scsi_dh: invoke callback if ->activate is not present (bnc#708296). - scsi_dh_alua: correctly terminate target port strings (bnc#708296). - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296). - scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296). - scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296). - scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296). - scsi_dh_alua: remove locking when checking state (bnc#708296). - scsi_dh_alua: remove stale variable (bnc#708296). - scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296). scsi_dh_alua: fixup misplaced brace in alua_initialize() (bnc#858831). drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam (bnc#831103,FATE#316109). - drm/i915: add I915_EXEC_VEBOX to i915_gem_do_execbuffer() (bnc#831103,FATE#316109). - drm/i915: add VEBOX into debugfs (bnc#831103,FATE#316109). - drm/i915: Enable vebox interrupts (bnc#831103,FATE#316109). - drm/i915: vebox interrupt get/put (bnc#831103,FATE#316109). - drm/i915: consolidate interrupt naming scheme (bnc#831103,FATE#316109). - drm/i915: Convert irq_refounct to struct (bnc#831103,FATE#316109). - drm/i915: make PM interrupt writes non-destructive (bnc#831103,FATE#316109). - drm/i915: Add PM regs to pre/post install (bnc#831103,FATE#316109). - drm/i915: Create an ivybridge_irq_preinstall (bnc#831103,FATE#316109). - drm/i915: Create a more generic pm handler for hsw+ (bnc#831103,FATE#316109). - drm/i915: Vebox ringbuffer init (bnc#831103,FATE#316109). - drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109). - drm/i915: Rename ring flush functions (bnc#831103,FATE#316109). - drm/i915: Add VECS semaphore bits (bnc#831103,FATE#316109). - drm/i915: Introduce VECS: the 4th ring (bnc#831103,FATE#316109). - drm/i915: Semaphore MBOX update generalization (bnc#831103,FATE#316109). - drm/i915: Comments for semaphore clarification (bnc#831103,FATE#316109). - drm/i915: fix gen4 digital port hotplug definitions (bnc#850103). - drm/mgag200: Bug fix: Modified pll algorithm for EH project (bnc#841654). drm: do not add inferred modes for monitors that do not support them (bnc #849809). s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047). - s390/cio: skip broken paths (bnc#837739,LTC#97047). - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047). - s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 83609
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83609
    title SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0189-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2013-22695.NASL
    description The 3.11.10 stable update contains a number of important fixes across the tree Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 71283
    published 2013-12-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71283
    title Fedora 18 : kernel-3.11.10-100.fc18 (2013-22695)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-140116.NASL
    description The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) Also the following non-security bugs have been fixed : - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - Provide realtime priority kthread and workqueue boot options. (bnc#836718) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Fix buglet in return_cfs_rq_runtime(). - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - xen: netback: bump tx queue length. (bnc#849404) - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue. (bnc#852624) - netxen: fix off by one bug in netxen_release_tx_buffer(). (bnc#845729) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). - crypto: gf128mul - fix call to memset() (obvious fix). - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4 - fix deal with autofs4_write races. (bnc#851314) - autofs4 - use simple_empty() for empty directory check. (bnc#851314) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls. (bnc#855037) - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - vfs: avoid 'attempt to access beyond end of device' warnings. (bnc#820338) - vfs: fix O_DIRECT read past end of block device. (bnc#820338) - cifs: Improve performance of browsing directories with several files. (bnc#810323) - cifs: Ensure cifs directories do not show up as files. (bnc#826602) - sd: avoid deadlocks when running under multipath. (bnc#818545) - sd: fix crash when UA received on DIF enabled device. (bnc#841445) - sg: fix blk_get_queue usage. (bnc#834808) - block: factor out vector mergeable decision to a helper function. (bnc#769644) - block: modify __bio_add_page check to accept pages that do not start a new segment. (bnc#769644) - dm-multipath: abort all requests when failing a path. (bnc#798050) - scsi: Add 'eh_deadline' to limit SCSI EH runtime. (bnc#798050) - scsi: Allow error handling timeout to be specified. (bnc#798050) - scsi: Fixup compilation warning. (bnc#798050) - scsi: Retry failfast commands after EH. (bnc#798050) - scsi: Warn on invalid command completion. (bnc#798050) - scsi: kABI fixes. (bnc#798050) - scsi: remove check for 'resetting'. (bnc#798050) - advansys: Remove 'last_reset' references. (bnc#798050) - cleanup setting task state in scsi_error_handler(). (bnc#798050) - dc395: Move 'last_reset' into internal host structure. (bnc#798050) - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#798050) - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset. (bnc#798050) - tmscsim: Move 'last_reset' into host structure. (bnc#798050) - scsi_dh: invoke callback if ->activate is not present. (bnc#708296) - scsi_dh: return individual errors in scsi_dh_activate(). (bnc#708296) - scsi_dh_alua: Decode EMC Clariion extended inquiry. (bnc#708296) - scsi_dh_alua: Decode HP EVA array identifier. (bnc#708296) - scsi_dh_alua: Evaluate state for all port groups. (bnc#708296) - scsi_dh_alua: Fix missing close brace in alua_check_sense. (bnc#843642) - scsi_dh_alua: Make stpg synchronous. (bnc#708296) - scsi_dh_alua: Pass buffer as function argument. (bnc#708296) - scsi_dh_alua: Re-evaluate port group states after STPG. (bnc#708296) - scsi_dh_alua: Recheck state on transitioning. (bnc#708296) - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296) - scsi_dh_alua: Use separate alua_port_group structure. (bnc#708296) - scsi_dh_alua: Allow get_alua_data() to return NULL. (bnc#839407) - scsi_dh_alua: asynchronous RTPG. (bnc#708296) - scsi_dh_alua: correctly terminate target port strings. (bnc#708296) - scsi_dh_alua: defer I/O while workqueue item is pending. (bnc#708296) - scsi_dh_alua: Do not attach to RAID or enclosure devices. (bnc#819979) - scsi_dh_alua: Do not attach to well-known LUNs. (bnc#821980) - scsi_dh_alua: fine-grained locking in alua_rtpg_work(). (bnc#708296) - scsi_dh_alua: invalid state information for 'optimized' paths. (bnc#843445) - scsi_dh_alua: move RTPG to workqueue. (bnc#708296) - scsi_dh_alua: move 'expiry' into PG structure. (bnc#708296) - scsi_dh_alua: move some sense code handling into generic code. (bnc#813245) - scsi_dh_alua: multipath failover fails with error 15. (bnc#825696) - scsi_dh_alua: parse target device id. (bnc#708296) - scsi_dh_alua: protect accesses to struct alua_port_group. (bnc#708296) - scsi_dh_alua: put sense buffer on stack. (bnc#708296) - scsi_dh_alua: reattaching device handler fails with 'Error 15'. (bnc#843429) - scsi_dh_alua: remove locking when checking state. (bnc#708296) - scsi_dh_alua: remove stale variable. (bnc#708296) - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296) - scsi_dh_alua: retry command on 'mode parameter changed' sense code. (bnc#843645) - scsi_dh_alua: simplify alua_check_sense(). (bnc#843642) - scsi_dh_alua: simplify state update. (bnc#708296) - scsi_dh_alua: use delayed_work. (bnc#708296) - scsi_dh_alua: use flag for RTPG extended header. (bnc#708296) - scsi_dh_alua: use local buffer for VPD inquiry. (bnc#708296) - scsi_dh_alua: use spin_lock_irqsave for port group. (bnc#708296) - lpfc: Do not free original IOCB whenever ABTS fails. (bnc#806988) - lpfc: Fix kernel warning on spinlock usage. (bnc#806988) - lpfc: Fixed system panic due to midlayer abort. (bnc#806988) - qla2xxx: Add module parameter to override the default request queue size. (bnc#826756) - qla2xxx: Module parameter 'ql2xasynclogin'. (bnc#825896) - bna: do not register ndo_set_rx_mode callback. (bnc#847261) - hv: handle more than just WS2008 in KVP negotiation. (bnc#850640) - drm: do not add inferred modes for monitors that do not support them. (bnc#849809) - pci/quirks: Modify reset method for Chelsio T4. (bnc#831168) - pci: fix truncation of resource size to 32 bits. (bnc#843419) - pci: pciehp: Retrieve link speed after link is trained. (bnc#820102) - pci: Separate pci_bus_read_dev_vendor_id from pci_scan_device. (bnc#820102) - pci: pciehp: replace unconditional sleep with config space access check. (bnc#820102) - pci: pciehp: make check_link_active more helpful. (bnc#820102) - pci: pciehp: Add pcie_wait_link_not_active(). (bnc#820102) - pci: pciehp: Add Disable/enable link functions. (bnc#820102) - pci: pciehp: Disable/enable link during slot power off/on. (bnc#820102) - mlx4: allocate just enough pages instead of always 4 pages. (bnc#835186 / bnc#835074) - mlx4: allow order-0 memory allocations in RX path. (bnc#835186 / bnc#835074) - net/mlx4: use one page fragment per incoming frame. (bnc#835186 / bnc#835074) - qeth: request length checking in snmp ioctl (bnc#849848, LTC#99511). - cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047). - s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047). - s390/cio: skip broken paths (bnc#837739,LTC#97047). - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047). - s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047).
    last seen 2019-02-21
    modified 2014-02-10
    plugin id 72163
    published 2014-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72163
    title SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8779 / 8791 / 8792)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2066-1.NASL
    description A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299) Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2013-4470) Multiple integer overflow flaws were discovered in the Alchemy LCD frame- buffer drivers in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges. (CVE-2013-4511) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's driver for Agere Systems HERMES II Wireless PC Cards. A local user with the CAP_NET_ADMIN capability could exploit this flaw to cause a denial of service or possibly gain administrative priviliges. (CVE-2013-4514) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's driver for Beceem WIMAX chipset based devices. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-4515) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ability to assign a device could exploit this flaw to cause a denial of service (memory consumption). (CVE-2013-4592) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378) A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. (CVE-2013-6383) Nico Golde reported a flaw in the Linux kernel's userspace IO (uio) driver. A local user could exploit this flaw to cause a denial of service (memory corruption) or possibly gain privileges. (CVE-2013-6763) Evan Huus reported a buffer overflow in the Linux kernel's radiotap header parsing. A remote attacker could cause a denial of service (buffer over- read) via a specially crafted header. (CVE-2013-7027). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 71793
    published 2014-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71793
    title Ubuntu 12.04 LTS : linux vulnerabilities (USN-2066-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2075-1.NASL
    description Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Dave Jones and Vince Weaver reported a flaw in the Linux kernel's per event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. (CVE-2013-2930) Stephan Mueller reported an error in the Linux kernel's ansi cprng random number generator. This flaw makes it easier for a local attacker to break cryptographic protections. (CVE-2013-4345) Jason Wang discovered a bug in the network flow dissector in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (infinite loop). (CVE-2013-4348) Multiple integer overflow flaws were discovered in the Alchemy LCD frame- buffer drivers in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges. (CVE-2013-4511) Nico Golde and Fabian Yamaguchi reported a buffer overflow in the Ozmo Devices USB over WiFi devices. A local user could exploit this flaw to cause a denial of service or possibly unspecified impact. (CVE-2013-4513) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's driver for Agere Systems HERMES II Wireless PC Cards. A local user with the CAP_NET_ADMIN capability could exploit this flaw to cause a denial of service or possibly gain administrative priviliges. (CVE-2013-4514) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's driver for Beceem WIMAX chipset based devices. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-4515) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's driver for the SystemBase Multi-2/PCI serial card. An unprivileged user could obtain sensitive information from kernel memory. (CVE-2013-4516) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378) Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380) A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. (CVE-2013-6383) Nico Golde reported a flaw in the Linux kernel's userspace IO (uio) driver. A local user could exploit this flaw to cause a denial of service (memory corruption) or possibly gain privileges. (CVE-2013-6763) A race condition flaw was discovered in the Linux kernel's ipc shared memory implimentation. A local user could exploit this flaw to cause a denial of service (system crash) or possibly have unspecied other impacts. (CVE-2013-7026). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 71799
    published 2014-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71799
    title Ubuntu 13.10 : linux vulnerabilities (USN-2075-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2111-1.NASL
    description Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ability to assign a device could exploit this flaw to cause a denial of service (memory consumption). (CVE-2013-4592) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378) Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 72574
    published 2014-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72574
    title Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2111-1)
redhat via4
advisories
rhsa
id RHSA-2014:0100
rpms
  • kernel-0:2.6.32-431.20.3.el6
  • kernel-abi-whitelists-0:2.6.32-431.20.3.el6
  • kernel-bootwrapper-0:2.6.32-431.20.3.el6
  • kernel-debug-0:2.6.32-431.20.3.el6
  • kernel-debug-devel-0:2.6.32-431.20.3.el6
  • kernel-devel-0:2.6.32-431.20.3.el6
  • kernel-doc-0:2.6.32-431.20.3.el6
  • kernel-firmware-0:2.6.32-431.20.3.el6
  • kernel-headers-0:2.6.32-431.20.3.el6
  • kernel-kdump-0:2.6.32-431.20.3.el6
  • kernel-kdump-devel-0:2.6.32-431.20.3.el6
  • perf-0:2.6.32-431.20.3.el6
  • python-perf-0:2.6.32-431.20.3.el6
refmap via4
bid 63886
confirm
mlist [oss-security] 20131122 Linux kernel CVE fixes
secunia
  • 59262
  • 59309
  • 59406
suse
  • openSUSE-SU-2014:0204
  • openSUSE-SU-2014:0247
ubuntu
  • USN-2064-1
  • USN-2065-1
  • USN-2066-1
  • USN-2067-1
  • USN-2070-1
  • USN-2075-1
  • USN-2111-1
  • USN-2112-1
  • USN-2114-1
  • USN-2115-1
  • USN-2116-1
Last major update 17-07-2014 - 01:01
Published 26-11-2013 - 23:43
Back to Top