ID CVE-2012-2119
Summary Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.
References
Vulnerable Configurations
  • Linux Kernel 3.4.4
    cpe:2.3:o:linux:linux_kernel:3.4.4
  • Linux Kernel 3.4.3
    cpe:2.3:o:linux:linux_kernel:3.4.3
  • Linux Kernel 3.4.2
    cpe:2.3:o:linux:linux_kernel:3.4.2
  • Linux Kernel 3.4.1
    cpe:2.3:o:linux:linux_kernel:3.4.1
  • Linux Kernel 3.4
    cpe:2.3:o:linux:linux_kernel:3.4
CVSS
Base: 5.2 (as of 23-01-2013 - 09:32)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a locale like a MP3 sharing application, for the victim to download. The attacker then is notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
VectorComplexityAuthentication
ADJACENT_NETWORK MEDIUM SINGLE_INSTANCE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-756.NASL
    description The openSUSE 11.4 kernel was updated to fix various bugs and security issues. This is the final update of the 2.6.37 kernel of openSUSE 11.4.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74801
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74801
    title openSUSE Security Update : kernel (openSUSE-SU-2012:1439-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0743.NASL
    description From Red Hat Security Advisory 2012:0743 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application's behavior are cleared (that is, a privileged application will not be affected by those flags). It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise Linux is made privileged via file system capabilities. (CVE-2012-2123, Important) * It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A privileged guest user in a KVM guest could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-2136, Important) * A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. (CVE-2012-2137, Important) * A race condition was found in the Linux kernel's memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system. (CVE-2012-1179, Moderate) * A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2012-2121, Moderate) * A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372, Moderate) * A race condition was found in the Linux kernel's memory management subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on 32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2373, Moderate) Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68544
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68544
    title Oracle Linux 6 : kernel (ELSA-2012-0743)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120618_KERNEL_ON_SL6_X.NASL
    description The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : - A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) - A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) - When a set user ID (setuid) application is executed, certain personality flags for controlling the application's behavior are cleared (that is, a privileged application will not be affected by those flags). It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by us for Scientific Linux is made privileged via file system capabilities. (CVE-2012-2123, Important) - It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A privileged guest user in a KVM guest could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-2136, Important) - A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. (CVE-2012-2137, Important) - A race condition was found in the Linux kernel's memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system. (CVE-2012-1179, Moderate) - A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2012-2121, Moderate) - A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372, Moderate) - A race condition was found in the Linux kernel's memory management subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on 32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2373, Moderate) This update also fixes several bugs. Users should upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61331
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61331
    title Scientific Linux Security Update : kernel on SL6.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-357.NASL
    description This kernel update of the openSUSE 12.1 kernel brings various bug and security fixes. Following issues were fixed : - tcp: drop SYN+FIN messages (bnc#765102, CVE-2012-2663). - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (bnc#762991). - be2net: non-member vlan pkts not received in promiscous mode (bnc#732006 CVE-2011-3347). - fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123). - macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: set SKBTX_DEV_ZEROCOPY only when skb is built successfully (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: put page when fail to get all requested user pages (bnc#758243 CVE-2012-2119). - macvtap: zerocopy: fix offset calculation when building skb (bnc#758243 CVE-2012-2119). - Avoid reading past buffer when calling GETACL (bnc#762992). - Avoid beyond bounds copy while caching ACL (bnc#762992). - Fix length of buffer copied in __nfs4_get_acl_uncached (bnc#762992). - hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020). - usb/net: rndis: merge command codes. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: break out defines. only net/hyperv part - net/hyperv: Add flow control based on hi/low watermark. - hv: fix return type of hv_post_message(). - Drivers: hv: util: Properly handle version negotiations. - Drivers: hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - HID: hyperv: Set the hid drvdata correctly. - HID: hid-hyperv: Do not use hid_parse_report() directly. - [SCSI] storvsc: Properly handle errors from the host (bnc#747404). - Delete patches.suse/suse-hv-storvsc-ignore-ata_16.patch. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition (bnc#762991 CVE-2012-2373). - xfrm: take net hdr len into account for esp payload size calculation (bnc#759545). - net/hyperv: Adding cancellation to ensure rndis filter is closed. - xfs: Fix oops on IO error during xlog_recover_process_iunlinks() (bnc#761681). - thp: reduce khugepaged freezing latency (bnc#760860). - igb: fix rtnl race in PM resume path (bnc#748859). - ixgbe: add missing rtnl_lock in PM resume path (bnc#748859). - cdc_ether: Ignore bogus union descriptor for RNDIS devices (bnc#735362). Taking the fix from net-next - Fix kABI breakage due to including proc_fs.h in kernel/fork.c modversion changed because of changes in struct proc_dir_entry (became defined) Refresh patches.fixes/procfs-namespace-pid_ns-fix-leakage-on-for k-failure. - Disabled MMC_TEST (bnc#760077). - Input: ALPS - add semi-MT support for v3 protocol (bnc#716996). - Input: ALPS - add support for protocol versions 3 and 4 (bnc#716996). - Input: ALPS - remove assumptions about packet size (bnc#716996). - Input: ALPS - add protocol version field in alps_model_info (bnc#716996). - Input: ALPS - move protocol information to Documentation (bnc#716996). - sysctl/defaults: kernel.hung_task_timeout -> kernel.hung_task_timeout_secs (bnc#700174) - btrfs: partial revert of truncation improvements (FATE#306586 bnc#748463 bnc#760279). - libata: skip old error history when counting probe trials. - procfs, namespace, pid_ns: fix leakage upon fork() failure (bnc#757783). - cdc-wdm: fix race leading leading to memory corruption (bnc#759554). This patch fixes a race whereby a pointer to a buffer would be overwritten while the buffer was in use leading to a double free and a memory leak. This causes crashes. This bug was introduced in 2.6.34 - netfront: delay gARP until backend switches to Connected. - xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. - xenbus: check availability of XS_RESET_WATCHES command. - xenbus_dev: add missing error checks to watch handling. - drivers/xen/: use strlcpy() instead of strncpy(). - blkfront: properly fail packet requests (bnc#745929). - Linux 3.1.10. - Update Xen config files. - Refresh other Xen patches. - tlan: add cast needed for proper 64 bit operation (bnc#756840). - dl2k: Tighten ioctl permissions (bnc#758813). - mqueue: fix a vfsmount longterm reference leak (bnc#757783). - cciss: Add IRQF_SHARED back in for the non-MSI(X) interrupt handler (bnc#757789). - procfs: fix a vfsmount longterm reference leak (bnc#757783). - uwb: fix error handling (bnc#731720). This fixes a kernel error on unplugging an uwb dongle - uwb: fix use of del_timer_sync() in interrupt (bnc#731720). This fixes a kernel warning on plugging in an uwb dongle - acer-wmi: Detect communication hot key number. - acer-wmi: replaced the hard coded bitmap by the communication devices bitmap from SMBIOS. - acer-wmi: add ACER_WMID_v2 interface flag to represent new notebooks. - acer-wmi: No wifi rfkill on Sony machines. - acer-wmi: No wifi rfkill on Lenovo machines. - [media] cx22702: Fix signal strength. - fs: cachefiles: Add support for large files in filesystem caching (bnc#747038). - Drivers: scsi: storvsc: Account for in-transit packets in the RESET path. - CPU hotplug, cpusets, suspend: Don't touch cpusets during suspend/resume (bnc#752460). - net: fix a potential rcu_read_lock() imbalance in rt6_fill_node() (bnc#754186, bnc#736268). - This commit fixes suspend to ram breakage reported in bnc#764864. Remove dud patch. The problem it addressed is being respun upstream, is in tip, but not yet mainlined. See bnc#752460 for details regarding the problem the now removed patch fixed while breaking S2R. Delete patches.fixes/cpusets-Dont-touch-cpusets-during-suspend- or-resume.patch. - Remove dud patch. The problem it addressed is being respun upstream, is in tip, but not yet mainlined. Delete patches.fixes/cpusets-Dont-touch-cpusets-during-suspend- or-resume.patch. - fix VM_FOREIGN users after c/s 878:eba6fe6d8d53 (bnc#760974). - gntdev: fix multi-page slot allocation (bnc#760974). - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populateSMP race condition (bnc#762991 CVE-2012-2373). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE (bnc#762991). - sym53c8xx: Fix NULL pointer dereference in slave_destroy (bnc#767786). - sky2: fix regression on Yukon Optima (bnc#731537).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74661
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74661
    title openSUSE Security Update : Kernel (openSUSE-SU-2012:0812-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0743.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application's behavior are cleared (that is, a privileged application will not be affected by those flags). It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise Linux is made privileged via file system capabilities. (CVE-2012-2123, Important) * It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A privileged guest user in a KVM guest could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-2136, Important) * A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. (CVE-2012-2137, Important) * A race condition was found in the Linux kernel's memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system. (CVE-2012-1179, Moderate) * A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2012-2121, Moderate) * A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372, Moderate) * A race condition was found in the Linux kernel's memory management subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on 32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2373, Moderate) Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 59609
    published 2012-06-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59609
    title CentOS 6 : kernel (CESA-2012:0743)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-120620.NASL
    description The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here. The following security issues have been fixed : - Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. (CVE-2012-2136) - A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). (CVE-2012-2390) - A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host. (CVE-2012-2119) - Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests, only incompletely fixed by CVE-2011-4131. (CVE-2012-2375) The following non-security bugs have been fixed : Hyper-V : - storvsc: Properly handle errors from the host. (bnc#747404) - HID: hid-hyperv: Do not use hid_parse_report() directly. - HID: hyperv: Set the hid drvdata correctly. - drivers/hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - drivers/hv: util: Properly handle version negotiations. - hv: fix return type of hv_post_message(). - net/hyperv: Add flow control based on hi/low watermark. - usb/net: rndis: break out <1/rndis.h> defines. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: merge command codes. only net/hyperv part - net/hyperv: Adding cancellation to ensure rndis filter is closed. - update hv drivers to 3.4-rc1, requires new hv_kvp_daemon : - drivers: hv: kvp: Add/cleanup connector defines. - drivers: hv: kvp: Move the contents of hv_kvp.h to hyperv.h. - net/hyperv: Convert camel cased variables in rndis_filter.c to lower cases. - net/hyperv: Correct the assignment in netvsc_recv_callback(). - net/hyperv: Remove the unnecessary memset in rndis_filter_send(). - drivers: hv: Cleanup the kvp related state in hyperv.h. - tools: hv: Use hyperv.h to get the KVP definitions. - drivers: hv: kvp: Cleanup the kernel/user protocol. - drivers: hv: Increase the number of VCPUs supported in the guest. - net/hyperv: Fix data corruption in rndis_filter_receive(). - net/hyperv: Add support for vlan trunking from guests. - Drivers: hv: Add new message types to enhance KVP. - Drivers: hv: Support the newly introduced KVP messages in the driver. - Tools: hv: Fully support the new KVP verbs in the user level daemon. - Tools: hv: Support enumeration from all the pools. - net/hyperv: Fix the code handling tx busy. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. Btrfs : - btrfs: more module message prefixes. - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: flush all the dirty pages if try_to_writeback_inodes_sb_nr() fails - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: fix locking in btrfs_destroy_delayed_refs - btrfs: wake up transaction waiters when aborting a transaction - btrfs: abort the transaction if the commit fails - btrfs: fix btrfs_destroy_marked_extents - btrfs: unlock everything properly in the error case for nocow - btrfs: fix return code in drop_objectid_items - btrfs: check to see if the inode is in the log before fsyncing - btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error - btrfs: check the return code of btrfs_save_ino_cache - btrfs: do not update atime for RO snapshots (FATE#306586). - btrfs: convert the inode bit field to use the actual bit operations - btrfs: fix deadlock when the process of delayed refs fails - btrfs: stop defrag the files automatically when doin readonly remount or umount - btrfs: avoid memory leak of extent state in error handling routine - btrfs: make sure that we have made everything in pinned tree clean - btrfs: destroy the items of the delayed inodes in error handling routine - btrfs: ulist realloc bugfix - btrfs: bugfix in btrfs_find_parent_nodes - btrfs: bugfix: ignore the wrong key for indirect tree block backrefs - btrfs: avoid buffer overrun in btrfs_printk - btrfs: fall back to non-inline if we do not have enough space - btrfs: NUL-terminate path buffer in DEV_INFO ioctl result - btrfs: avoid buffer overrun in mount option handling - btrfs: do not do balance in readonly mode - btrfs: fix the same inode id problem when doing auto defragment - btrfs: fix wrong error returned by adding a device - btrfs: use fastpath in extent state ops as much as possible Misc : - tcp: drop SYN+FIN messages. (bnc#765102) - mm: avoid swapping out with swappiness==0 (swappiness). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE. (bnc#762991) - paravirt: Split paravirt MMU ops (bnc#556135, bnc#754690, FATE#306453). - paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU - parvirt: Stub support KABI for KVM_MMU (bnc#556135, bnc#754690, FATE#306453). - tmpfs: implement NUMA node interleaving. (bnc#764209) - synaptics-hp-clickpad: Fix the detection of LED on the recent HP laptops. (bnc#765524) - supported.conf: mark xt_AUDIT as supported. (bnc#765253) - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition. (bnc#762991 / CVE-2012-2373) - xhci: Do not free endpoints in xhci_mem_cleanup(). (bnc#763307) - xhci: Fix invalid loop check in xhci_free_tt_info(). (bnc#763307) - drm: Skip too big EDID extensions. (bnc#764900) - drm/i915: Add HP EliteBook to LVDS-temporary-disable list. (bnc#763717) - hwmon: (fam15h_power) Increase output resolution. (bnc#759336) - hwmon: (k10temp) Add support for AMD Trinity CPUs. (bnc#759336) - rpm/kernel-binary.spec.in: Own the right -kdump initrd. (bnc#764500) - memcg: prevent from OOM with too many dirty pages. - dasd: re-prioritize partition detection message (bnc#764091,LTC#81617). - kernel: pfault task state race (bnc#764091,LTC#81724). - kernel: clear page table for sw large page emulation (bnc#764091,LTC#81933). - USB: fix bug of device descriptor got from superspeed device. (bnc#761087) - xfrm: take net hdr len into account for esp payload size calculation. (bnc#759545) - st: clean up dev cleanup in st_probe. (bnc#760806) - st: clean up device file creation and removal. (bnc#760806) - st: get rid of scsi_tapes array. (bnc#760806) - st: raise device limit. (bnc#760806) - st: Use static class attributes. (bnc#760806) - mm: Optimize put_mems_allowed() usage (VM performance). - cifs: fix oops while traversing open file list (try #4). (bnc#756050) - scsi: Fix dm-multipath starvation when scsi host is busy. (bnc#763485) - dasd: process all requests in the device tasklet. (bnc#763267) - rt2x00:Add RT539b chipset support. (bnc#760237) - kabi/severities: Ignore changes in drivers/net/wireless/rt2x00, these are just exports used among the rt2x00 modules. - rt2800: radio 3xxx: reprogram only lower bits of RF_R3. (bnc#759805) - rt2800: radio 3xxx: program RF_R1 during channel switch. (bnc#759805) - rt2800: radio 3xxxx: channel switch RX/TX calibration fixes. (bnc#759805) - rt2x00: Avoid unnecessary uncached. (bnc#759805) - rt2x00: Introduce sta_add/remove callbacks. (bnc#759805) - rt2x00: Add WCID to crypto struct. (bnc#759805) - rt2x00: Add WCID to HT TX descriptor. (bnc#759805) - rt2x00: Move bssidx calculation into its own function. (bnc#759805) - rt2x00: Make use of sta_add/remove callbacks in rt2800. (bnc#759805) - rt2x00: Forbid aggregation for STAs not programmed into the hw. (bnc#759805) - rt2x00: handle spurious pci interrupts. (bnc#759805) - rt2800: disable DMA after firmware load. - rt2800: radio 3xxx: add channel switch calibration routines. (bnc#759805) - rpm/kernel-binary.spec.in: Obsolete ath3k, as it is now in the tree. - floppy: remove floppy-specific O_EXCL handling. (bnc#757315) - floppy: convert to delayed work and single-thread wq. (bnc#761245)
    last seen 2019-02-21
    modified 2014-10-28
    plugin id 64175
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64175
    title SuSE 11.2 Security Update : Linux kernel (SAT Patch Number 6463)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1529-1.NASL
    description A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privleged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled. (CVE-2012-2119) An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. (CVE-2012-2136) A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges. (CVE-2012-2137) A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372) Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. (CVE-2012-2373) Dan Rosenberg discovered flaws in the Linux kernel's NCI (Near Field Communication Controller Interface). A remote attacker could exploit these flaws to crash the system or potentially execute privileged code. (CVE-2012-3364) A flaw was discovered in the Linux kernel's epoll system call. An unprivileged local user could use this flaw to crash the system. (CVE-2012-3375) Some errors where discovered in the Linux kernel's UDF file system, which is used to mount some CD-ROMs and DVDs. An unprivileged local user could use these flaws to crash the system. (CVE-2012-3400) A flaw was discovered in the madvise feature of the Linux kernel's memory subsystem. An unprivileged local use could exploit the flaw to cause a denial of service (crash the system). (CVE-2012-3511). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 61507
    published 2012-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61507
    title Ubuntu 12.04 LTS : linux vulnerabilities (USN-1529-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-6386.NASL
    description Fixes CVEs : CVE-2012-2123 CVE-2012-2121 CVE-2012-2119 Also fixes a boot regression on some Dell machines. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58862
    published 2012-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58862
    title Fedora 16 : kernel-3.3.2-6.fc16 (2012-6386)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-342.NASL
    description This kernel update of the openSUSE 12.1 kernel fixes lots of bugs and security issues. Following issues were fixed : - tcp: drop SYN+FIN messages (bnc#765102). - net: sock: validate data_len before allocating skb in sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136). - fcaps: clear the same personality flags as suid when fcaps are used (bnc#758260 CVE-2012-2123). - macvtap: zerocopy: validate vectors before building skb (bnc#758243 CVE-2012-2119). - hfsplus: Fix potential buffer overflows (bnc#760902 CVE-2009-4020). - xfrm: take net hdr len into account for esp payload size calculation (bnc#759545). - ext4: fix undefined behavior in ext4_fill_flex_info() (bnc#757278). - igb: fix rtnl race in PM resume path (bnc#748859). - ixgbe: add missing rtnl_lock in PM resume path (bnc#748859). - b43: allocate receive buffers big enough for max frame len + offset (bnc#717749). - xenbus: Reject replies with payload > XENSTORE_PAYLOAD_MAX. - xenbus_dev: add missing error checks to watch handling. - hwmon: (coretemp-xen) Fix TjMax detection for older CPUs. - hwmon: (coretemp-xen) Relax target temperature range check. - Refresh other Xen patches. - tlan: add cast needed for proper 64 bit operation (bnc#756840). - dl2k: Tighten ioctl permissions (bnc#758813). - [media] cx22702: Fix signal strength. - fs: cachefiles: Add support for large files in filesystem caching (bnc#747038). - bridge: correct IPv6 checksum after pull (bnc#738644). - bridge: fix a possible use after free (bnc#738644). - bridge: Pseudo-header required for the checksum of ICMPv6 (bnc#738644). - bridge: mcast snooping, fix length check of snooped MLDv1/2 (bnc#738644). - PCI/ACPI: Report ASPM support to BIOS if not disabled from command line (bnc#714455). - ipc/sem.c: fix race with concurrent semtimedop() timeouts and IPC_RMID (bnc#756203). - drm/i915/crt: Remove 0xa0 probe for VGA. - tty_audit: fix tty_audit_add_data live lock on audit disabled (bnc#721366). - drm/i915: suspend fbdev device around suspend/hibernate (bnc#732908). - dlm: Do not allocate a fd for peeloff (bnc#729247). - sctp: Export sctp_do_peeloff (bnc#729247). - i2c-algo-bit: Fix spurious SCL timeouts under heavy load. - patches.fixes/epoll-dont-limit-non-nested.patch: Don't limit non-nested epoll paths (bnc#676204). - Update patches.suse/sd_init.mark_majors_busy.patch (bnc#744658). - igb: Fix for Alt MAC Address feature on 82580 and later devices (bnc#746980). - mark busy sd majors as allocated (bug#744658). - regset: Return -EFAULT, not -EIO, on host-side memory fault (bnc# 750079 CVE-2012-1097). - regset: Prevent NULL pointer reference on readonly regsets (bnc#750079 CVE-2012-1097). - mm: memcg: Correct unregistring of events attached to the same eventfd (CVE-2012-1146 bnc#750959). - befs: Validate length of long symbolic links (CVE-2011-2928 bnc#713430). - si4713-i2c: avoid potential buffer overflow on si4713 (CVE-2011-2700 bnc#707332). - staging: comedi: fix infoleak to userspace (CVE-2011-2909 bnc#711941). - hfs: add sanity check for file name length (CVE-2011-4330 bnc#731673). - cifs: fix dentry refcount leak when opening a FIFO on lookup (CVE-2012-1090 bnc#749569). - drm: integer overflow in drm_mode_dirtyfb_ioctl() (CVE-2012-0044 bnc#740745). - xfs: fix acl count validation in xfs_acl_from_disk() (CVE-2012-0038 bnc#740703). - xfs: validate acl count (CVE-2012-0038 bnc#740703). - patches.fixes/xfs-fix-possible-memory-corruption-in-xfs_ readlink: Work around missing xfs_alert(). - xfs: Fix missing xfs_iunlock() on error recovery path in xfs_readlink() (CVE-2011-4077 bnc#726600). - xfs: Fix possible memory corruption in xfs_readlink (CVE-2011-4077 bnc#726600). - ext4: make ext4_split_extent() handle error correctly. - ext4: ext4_ext_convert_to_initialized bug found in extended FSX testing. - ext4: add ext4_split_extent_at() and ext4_split_extent(). - ext4: reimplement convert and split_unwritten (CVE-2011-3638 bnc#726045). - patches.fixes/epoll-limit-paths.patch: epoll: limit paths (bnc#676204 CVE-2011-1083). - patches.kabi/epoll-kabi-fix.patch: epoll: hide kabi change in struct file (bnc#676204 CVE-2011-1083). - NAT/FTP: Fix broken conntrack (bnc#681639 bnc#466279 bnc#747660). - igmp: Avoid zero delay when receiving odd mixture of IGMP queries (bnc#740448 CVE-2012-0207). - jbd2: clear BH_Delay & BH_Unwritten in journal_unmap_buffer (bnc#745832 CVE-2011-4086). - AppArmor: fix oops in apparmor_setprocattr (bnc#717209 CVE-2011-3619). - Refresh patches.suse/SoN-22-netvm.patch. Clean and *working* patches. - Refresh patches.suse/SoN-22-netvm.patch. (bnc#683671) Fix an rcu locking imbalance in the receive path triggered when using vlans. - Fix mangled patch (invalid date) Although accepted by `patch`, this is rejected by `git apply` - Fix mangled diff lines (leading space tab vs tab) Although accepted by `patch`, these are rejected by `git apply` - jbd/jbd2: validate sb->s_first in journal_get_superblock() (bnc#730118). - fsnotify: don't BUG in fsnotify_destroy_mark() (bnc#689860). - Fix patches.fixes/x25-Handle-undersized-fragmented-skbs.patc h (CVE-2010-3873 bnc#651219). - Fix patches.fixes/x25-Prevent-skb-overreads-when-checking-ca ll-user-da.patch (CVE-2010-3873 bnc#651219). - Fix patches.fixes/x25-Validate-incoming-call-user-data-lengt hs.patch (CVE-2010-3873 bnc#651219). - Fix patches.fixes/x25-possible-skb-leak-on-bad-facilities.pa tch (CVE-2010-3873 bnc#651219 CVE-2010-4164 bnc#653260). - Update patches.fixes/econet-4-byte-infoleak-to-the-network.patc h (bnc#681186 CVE-2011-1173). Fix reference. - hwmon: (w83627ehf) Properly report thermal diode sensors. - nl80211: fix overflow in ssid_len (bnc#703410 CVE-2011-2517). - nl80211: fix check for valid SSID size in scan operations (bnc#703410 CVE-2011-2517). - x25: Prevent skb overreads when checking call user data (CVE-2010-3873 bnc#737624). - x25: Handle undersized/fragmented skbs (CVE-2010-3873 bnc#737624). - x25: Validate incoming call user data lengths (CVE-2010-3873 bnc#737624). - x25: possible skb leak on bad facilities (CVE-2010-3873 bnc#737624). - net: Add a flow_cache_flush_deferred function (bnc#737624). - xfrm: avoid possible oopse in xfrm_alloc_dst (bnc#737624). - scm: lower SCM_MAX_FD (bnc#655696 CVE-2010-4249).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74658
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74658
    title openSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0743.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A local, unprivileged user could use an integer overflow flaw in drm_mode_dirtyfb_ioctl() to cause a denial of service or escalate their privileges. (CVE-2012-0044, Important) * A buffer overflow flaw was found in the macvtap device driver, used for creating a bridged network between the guest and the host in KVM (Kernel-based Virtual Machine) environments. A privileged guest user in a KVM guest could use this flaw to crash the host. Note: This issue only affected hosts that have the vhost_net module loaded with the experimental_zcopytx module option enabled (it is not enabled by default), and that also have macvtap configured for at least one guest. (CVE-2012-2119, Important) * When a set user ID (setuid) application is executed, certain personality flags for controlling the application's behavior are cleared (that is, a privileged application will not be affected by those flags). It was found that those flags were not cleared if the application was made privileged via file system capabilities. A local, unprivileged user could use this flaw to change the behavior of such applications, allowing them to bypass intended restrictions. Note that for default installations, no application shipped by Red Hat for Red Hat Enterprise Linux is made privileged via file system capabilities. (CVE-2012-2123, Important) * It was found that the data_len parameter of the sock_alloc_send_pskb() function in the Linux kernel's networking implementation was not validated before use. A privileged guest user in a KVM guest could use this flaw to crash the host or, possibly, escalate their privileges on the host. (CVE-2012-2136, Important) * A buffer overflow flaw was found in the setup_routing_entry() function in the KVM subsystem of the Linux kernel in the way the Message Signaled Interrupts (MSI) routing entry was handled. A local, unprivileged user could use this flaw to cause a denial of service or, possibly, escalate their privileges. (CVE-2012-2137, Important) * A race condition was found in the Linux kernel's memory management subsystem in the way pmd_none_or_clear_bad(), when called with mmap_sem in read mode, and Transparent Huge Pages (THP) page faults interacted. A privileged user in a KVM guest with the ballooning functionality enabled could potentially use this flaw to crash the host. A local, unprivileged user could use this flaw to crash the system. (CVE-2012-1179, Moderate) * A flaw was found in the way device memory was handled during guest device removal. Upon successful device removal, memory used by the device was not properly unmapped from the corresponding IOMMU or properly released from the kernel, leading to a memory leak. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2012-2121, Moderate) * A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372, Moderate) * A race condition was found in the Linux kernel's memory management subsystem in the way pmd_populate() and pte_offset_map_lock() interacted on 32-bit x86 systems with more than 4GB of RAM. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2373, Moderate) Red Hat would like to thank Chen Haogang for reporting CVE-2012-0044. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. Users should upgrade to these updated packages, which contain backported patches to correct these issues, and fix the bugs noted in the Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 59562
    published 2012-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59562
    title RHEL 6 : kernel (RHSA-2012:0743)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-6344.NASL
    description Fixes CVEs : CVE-2012-2119 CVE-2012-2123 CVE-2012-2121 Also fixes some fail to boot issues on various Dell machines. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58836
    published 2012-04-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58836
    title Fedora 17 : kernel-3.3.2-8.fc17 (2012-6344)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-120621.NASL
    description The SUSE Linux Enterprise 11 SP2 kernel was updated to 3.0.34, fixing a lot of bugs and security issues. The update from Linux kernel 3.0.31 to 3.0.34 also fixes various bugs not listed here. The following security issues have been fixed : - Local attackers could trigger an overflow in sock_alloc_send_pksb(), potentially crashing the machine or escalate privileges. (CVE-2012-2136) - A memory leak in transparent hugepages on mmap failure could be used by local attacker to run the machine out of memory (local denial of service). (CVE-2012-2390) - A malicious guest driver could overflow the host stack by passing a long descriptor, so potentially crashing the host system or escalating privileges on the host. (CVE-2012-2119) - Malicious NFS server could crash the clients when more than 2 GETATTR bitmap words are returned in response to the FATTR4_ACL attribute requests, only incompletely fixed by CVE-2011-4131. (CVE-2012-2375) The following non-security bugs have been fixed : Hyper-V : - storvsc: Properly handle errors from the host. (bnc#747404) - HID: hid-hyperv: Do not use hid_parse_report() directly. - HID: hyperv: Set the hid drvdata correctly. - drivers/hv: Get rid of an unnecessary check in vmbus_prep_negotiate_resp(). - drivers/hv: util: Properly handle version negotiations. - hv: fix return type of hv_post_message(). - net/hyperv: Add flow control based on hi/low watermark. - usb/net: rndis: break out <1/rndis.h> defines. only net/hyperv part - usb/net: rndis: remove ambiguous status codes. only net/hyperv part - usb/net: rndis: merge command codes. only net/hyperv part - net/hyperv: Adding cancellation to ensure rndis filter is closed. - update hv drivers to 3.4-rc1, requires new hv_kvp_daemon : - drivers: hv: kvp: Add/cleanup connector defines. - drivers: hv: kvp: Move the contents of hv_kvp.h to hyperv.h. - net/hyperv: Convert camel cased variables in rndis_filter.c to lower cases. - net/hyperv: Correct the assignment in netvsc_recv_callback(). - net/hyperv: Remove the unnecessary memset in rndis_filter_send(). - drivers: hv: Cleanup the kvp related state in hyperv.h. - tools: hv: Use hyperv.h to get the KVP definitions. - drivers: hv: kvp: Cleanup the kernel/user protocol. - drivers: hv: Increase the number of VCPUs supported in the guest. - net/hyperv: Fix data corruption in rndis_filter_receive(). - net/hyperv: Add support for vlan trunking from guests. - Drivers: hv: Add new message types to enhance KVP. - Drivers: hv: Support the newly introduced KVP messages in the driver. - Tools: hv: Fully support the new KVP verbs in the user level daemon. - Tools: hv: Support enumeration from all the pools. - net/hyperv: Fix the code handling tx busy. - patches.suse/suse-hv-pata_piix-ignore-disks.patch replace our version of this patch with upstream variant: ata_piix: defer disks to the Hyper-V drivers by default libata: add a host flag to ignore detected ATA devices. Btrfs : - btrfs: more module message prefixes. - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: flush all the dirty pages if try_to_writeback_inodes_sb_nr() fails - vfs: re-implement writeback_inodes_sb(_nr)_if_idle() and rename them - btrfs: fix locking in btrfs_destroy_delayed_refs - btrfs: wake up transaction waiters when aborting a transaction - btrfs: abort the transaction if the commit fails - btrfs: fix btrfs_destroy_marked_extents - btrfs: unlock everything properly in the error case for nocow - btrfs: fix return code in drop_objectid_items - btrfs: check to see if the inode is in the log before fsyncing - btrfs: pass locked_page into extent_clear_unlock_delalloc if theres an error - btrfs: check the return code of btrfs_save_ino_cache - btrfs: do not update atime for RO snapshots (FATE#306586). - btrfs: convert the inode bit field to use the actual bit operations - btrfs: fix deadlock when the process of delayed refs fails - btrfs: stop defrag the files automatically when doin readonly remount or umount - btrfs: avoid memory leak of extent state in error handling routine - btrfs: make sure that we have made everything in pinned tree clean - btrfs: destroy the items of the delayed inodes in error handling routine - btrfs: ulist realloc bugfix - btrfs: bugfix in btrfs_find_parent_nodes - btrfs: bugfix: ignore the wrong key for indirect tree block backrefs - btrfs: avoid buffer overrun in btrfs_printk - btrfs: fall back to non-inline if we do not have enough space - btrfs: NUL-terminate path buffer in DEV_INFO ioctl result - btrfs: avoid buffer overrun in mount option handling - btrfs: do not do balance in readonly mode - btrfs: fix the same inode id problem when doing auto defragment - btrfs: fix wrong error returned by adding a device - btrfs: use fastpath in extent state ops as much as possible Misc : - tcp: drop SYN+FIN messages. (bnc#765102) - mm: avoid swapping out with swappiness==0 (swappiness). - thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE. (bnc#762991) - paravirt: Split paravirt MMU ops (bnc#556135, bnc#754690, FATE#306453). - paravirt: Only export pv_mmu_ops symbol if PARAVIRT_MMU - parvirt: Stub support KABI for KVM_MMU (bnc#556135, bnc#754690, FATE#306453). - tmpfs: implement NUMA node interleaving. (bnc#764209) - synaptics-hp-clickpad: Fix the detection of LED on the recent HP laptops. (bnc#765524) - supported.conf: mark xt_AUDIT as supported. (bnc#765253) - mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition. (bnc#762991 / CVE-2012-2373) - xhci: Do not free endpoints in xhci_mem_cleanup(). (bnc#763307) - xhci: Fix invalid loop check in xhci_free_tt_info(). (bnc#763307) - drm: Skip too big EDID extensions. (bnc#764900) - drm/i915: Add HP EliteBook to LVDS-temporary-disable list. (bnc#763717) - hwmon: (fam15h_power) Increase output resolution. (bnc#759336) - hwmon: (k10temp) Add support for AMD Trinity CPUs. (bnc#759336) - rpm/kernel-binary.spec.in: Own the right -kdump initrd. (bnc#764500) - memcg: prevent from OOM with too many dirty pages. - dasd: re-prioritize partition detection message (bnc#764091,LTC#81617). - kernel: pfault task state race (bnc#764091,LTC#81724). - kernel: clear page table for sw large page emulation (bnc#764091,LTC#81933). - USB: fix bug of device descriptor got from superspeed device. (bnc#761087) - xfrm: take net hdr len into account for esp payload size calculation. (bnc#759545) - st: clean up dev cleanup in st_probe. (bnc#760806) - st: clean up device file creation and removal. (bnc#760806) - st: get rid of scsi_tapes array. (bnc#760806) - st: raise device limit. (bnc#760806) - st: Use static class attributes. (bnc#760806) - mm: Optimize put_mems_allowed() usage (VM performance). - cifs: fix oops while traversing open file list (try #4). (bnc#756050) - scsi: Fix dm-multipath starvation when scsi host is busy. (bnc#763485) - dasd: process all requests in the device tasklet. (bnc#763267) - rt2x00:Add RT539b chipset support. (bnc#760237) - kabi/severities: Ignore changes in drivers/net/wireless/rt2x00, these are just exports used among the rt2x00 modules. - rt2800: radio 3xxx: reprogram only lower bits of RF_R3. (bnc#759805) - rt2800: radio 3xxx: program RF_R1 during channel switch. (bnc#759805) - rt2800: radio 3xxxx: channel switch RX/TX calibration fixes. (bnc#759805) - rt2x00: Avoid unnecessary uncached. (bnc#759805) - rt2x00: Introduce sta_add/remove callbacks. (bnc#759805) - rt2x00: Add WCID to crypto struct. (bnc#759805) - rt2x00: Add WCID to HT TX descriptor. (bnc#759805) - rt2x00: Move bssidx calculation into its own function. (bnc#759805) - rt2x00: Make use of sta_add/remove callbacks in rt2800. (bnc#759805) - rt2x00: Forbid aggregation for STAs not programmed into the hw. (bnc#759805) - rt2x00: handle spurious pci interrupts. (bnc#759805) - rt2800: disable DMA after firmware load. - rt2800: radio 3xxx: add channel switch calibration routines. (bnc#759805) - rpm/kernel-binary.spec.in: Obsolete ath3k, as it is now in the tree. - floppy: remove floppy-specific O_EXCL handling. (bnc#757315) - floppy: convert to delayed work and single-thread wq. (bnc#761245)
    last seen 2019-02-21
    modified 2014-10-28
    plugin id 64176
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64176
    title SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6453 / 6457)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1514-1.NASL
    description A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privleged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled. (CVE-2012-2119) An error was discovered in the Linux kernel's network TUN/TAP device implementation. A local user with access to the TUN/TAP interface (which is not available to unprivileged users until granted by a root user) could exploit this flaw to crash the system or potential gain administrative privileges. (CVE-2012-2136) A flaw was found in how the Linux kernel's KVM (Kernel-based Virtual Machine) subsystem handled MSI (Message Signaled Interrupts). A local unprivileged user could exploit this flaw to cause a denial of service or potentially elevate privileges. (CVE-2012-2137) A flaw was found in the Linux kernel's Reliable Datagram Sockets (RDS) protocol implementation. A local, unprivileged user could use this flaw to cause a denial of service. (CVE-2012-2372) Ulrich Obergfell discovered an error in the Linux kernel's memory management subsystem on 32 bit PAE systems with more than 4GB of memory installed. A local unprivileged user could exploit this flaw to crash the system. (CVE-2012-2373) Dan Rosenberg discovered flaws in the Linux kernel's NCI (Near Field Communication Controller Interface). A remote attacker could exploit these flaws to crash the system or potentially execute privileged code. (CVE-2012-3364) A flaw was discovered in the Linux kernel's epoll system call. An unprivileged local user could use this flaw to crash the system. (CVE-2012-3375) Some errors where discovered in the Linux kernel's UDF file system, which is used to mount some CD-ROMs and DVDs. An unprivileged local user could use these flaws to crash the system. (CVE-2012-3400)
    last seen 2019-02-21
    modified 2016-12-01
    plugin id 61506
    published 2012-08-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61506
    title USN-1514-1 : linux-ti-omap4 vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-6406.NASL
    description Fixes CVEs : CVE-2012-2123 CVE-2012-2121 CVE-2012-2119 Also fixes a boot regression on some Dell machines Linux 3.3.2 There was a regression at the DVB core, affecting applications that require the DVB status before having a lock. In order to allow a broader test (including my environment). All new patches from the upstream media tree up to Apr, 10 got backported plus the fix patches, in order to have, among other things, the az6007 and af9035 drivers backported. Various bugfixes. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58881
    published 2012-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58881
    title Fedora 15 : kernel-2.6.43.2-6.fc15 (2012-6406)
redhat via4
advisories
rhsa
id RHSA-2012:0743
rpms
  • kernel-0:2.6.32-220.23.1.el6
  • kernel-bootwrapper-0:2.6.32-220.23.1.el6
  • kernel-debug-0:2.6.32-220.23.1.el6
  • kernel-debug-devel-0:2.6.32-220.23.1.el6
  • kernel-devel-0:2.6.32-220.23.1.el6
  • kernel-doc-0:2.6.32-220.23.1.el6
  • kernel-firmware-0:2.6.32-220.23.1.el6
  • kernel-headers-0:2.6.32-220.23.1.el6
  • kernel-kdump-0:2.6.32-220.23.1.el6
  • kernel-kdump-devel-0:2.6.32-220.23.1.el6
  • perf-0:2.6.32-220.23.1.el6
  • python-perf-0:2.6.32-220.23.1.el6
refmap via4
confirm
mlist
  • [linux-netdev] 20120416 [PATCH 3/6] macvtap: zerocopy: validate vector length before pinning user pages
  • [oss-security] 20120419 Re: CVE request -- kernel: macvtap: zerocopy: vector length is not validated before pinning user pages
suse openSUSE-SU-2013:0925
ubuntu USN-1529-1
Last major update 20-06-2013 - 23:11
Published 22-01-2013 - 18:55
Back to Top