ID CVE-2013-4592
Summary Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots.
References
Vulnerable Configurations
  • Linux Kernel 3.0 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.0:rc1
  • Linux Kernel 3.0 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.0:rc2
  • Linux Kernel 3.0 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.0:rc3
  • Linux Kernel 3.0 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.0:rc4
  • Linux Kernel 3.0 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.0:rc5
  • Linux Kernel 3.0 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.0:rc6
  • Linux Kernel 3.0 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.0:rc7
  • Linux Kernel 3.0.1
    cpe:2.3:o:linux:linux_kernel:3.0.1
  • Linux Kernel 3.0.10
    cpe:2.3:o:linux:linux_kernel:3.0.10
  • Linux Kernel 3.0.11
    cpe:2.3:o:linux:linux_kernel:3.0.11
  • Linux Kernel 3.0.12
    cpe:2.3:o:linux:linux_kernel:3.0.12
  • Linux Kernel 3.0.13
    cpe:2.3:o:linux:linux_kernel:3.0.13
  • Linux Kernel 3.0.14
    cpe:2.3:o:linux:linux_kernel:3.0.14
  • Linux Kernel 3.0.15
    cpe:2.3:o:linux:linux_kernel:3.0.15
  • Linux Kernel 3.0.16
    cpe:2.3:o:linux:linux_kernel:3.0.16
  • Linux Kernel 3.0.17
    cpe:2.3:o:linux:linux_kernel:3.0.17
  • Linux Kernel 3.0.18
    cpe:2.3:o:linux:linux_kernel:3.0.18
  • Linux Kernel 3.0.19
    cpe:2.3:o:linux:linux_kernel:3.0.19
  • Linux Kernel 3.0.2
    cpe:2.3:o:linux:linux_kernel:3.0.2
  • Linux Kernel 3.0.20
    cpe:2.3:o:linux:linux_kernel:3.0.20
  • Linux Kernel 3.0.21
    cpe:2.3:o:linux:linux_kernel:3.0.21
  • Linux Kernel 3.0.22
    cpe:2.3:o:linux:linux_kernel:3.0.22
  • Linux Kernel 3.0.23
    cpe:2.3:o:linux:linux_kernel:3.0.23
  • Linux Kernel 3.0.24
    cpe:2.3:o:linux:linux_kernel:3.0.24
  • Linux Kernel 3.0.25
    cpe:2.3:o:linux:linux_kernel:3.0.25
  • Linux Kernel 3.0.26
    cpe:2.3:o:linux:linux_kernel:3.0.26
  • Linux Kernel 3.0.27
    cpe:2.3:o:linux:linux_kernel:3.0.27
  • Linux Kernel 3.0.28
    cpe:2.3:o:linux:linux_kernel:3.0.28
  • Linux Kernel 3.0.29
    cpe:2.3:o:linux:linux_kernel:3.0.29
  • Linux Kernel 3.0.3
    cpe:2.3:o:linux:linux_kernel:3.0.3
  • Linux Kernel 3.0.30
    cpe:2.3:o:linux:linux_kernel:3.0.30
  • Linux Kernel 3.0.31
    cpe:2.3:o:linux:linux_kernel:3.0.31
  • Linux Kernel 3.0.32
    cpe:2.3:o:linux:linux_kernel:3.0.32
  • Linux Kernel 3.0.33
    cpe:2.3:o:linux:linux_kernel:3.0.33
  • Linux Kernel 3.0.34
    cpe:2.3:o:linux:linux_kernel:3.0.34
  • Linux Kernel 3.0.35
    cpe:2.3:o:linux:linux_kernel:3.0.35
  • Linux Kernel 3.0.36
    cpe:2.3:o:linux:linux_kernel:3.0.36
  • Linux Kernel 3.0.37
    cpe:2.3:o:linux:linux_kernel:3.0.37
  • Linux Kernel 3.0.38
    cpe:2.3:o:linux:linux_kernel:3.0.38
  • Linux Kernel 3.0.39
    cpe:2.3:o:linux:linux_kernel:3.0.39
  • Linux Kernel 3.0.4
    cpe:2.3:o:linux:linux_kernel:3.0.4
  • Linux Kernel 3.0.40
    cpe:2.3:o:linux:linux_kernel:3.0.40
  • Linux Kernel 3.0.41
    cpe:2.3:o:linux:linux_kernel:3.0.41
  • Linux Kernel 3.0.42
    cpe:2.3:o:linux:linux_kernel:3.0.42
  • Linux Kernel 3.0.43
    cpe:2.3:o:linux:linux_kernel:3.0.43
  • Linux Kernel 3.0.44
    cpe:2.3:o:linux:linux_kernel:3.0.44
  • Linux Kernel 3.0.45
    cpe:2.3:o:linux:linux_kernel:3.0.45
  • Linux Kernel 3.0.46
    cpe:2.3:o:linux:linux_kernel:3.0.46
  • Linux Kernel 3.0.47
    cpe:2.3:o:linux:linux_kernel:3.0.47
  • Linux Kernel 3.0.48
    cpe:2.3:o:linux:linux_kernel:3.0.48
  • Linux Kernel 3.0.49
    cpe:2.3:o:linux:linux_kernel:3.0.49
  • Linux Kernel 3.0.5
    cpe:2.3:o:linux:linux_kernel:3.0.5
  • Linux Kernel 3.0.50
    cpe:2.3:o:linux:linux_kernel:3.0.50
  • Linux Kernel 3.0.51
    cpe:2.3:o:linux:linux_kernel:3.0.51
  • Linux Kernel 3.0.52
    cpe:2.3:o:linux:linux_kernel:3.0.52
  • Linux Kernel 3.0.53
    cpe:2.3:o:linux:linux_kernel:3.0.53
  • Linux Kernel 3.0.54
    cpe:2.3:o:linux:linux_kernel:3.0.54
  • Linux Kernel 3.0.55
    cpe:2.3:o:linux:linux_kernel:3.0.55
  • Linux Kernel 3.0.56
    cpe:2.3:o:linux:linux_kernel:3.0.56
  • Linux Kernel 3.0.57
    cpe:2.3:o:linux:linux_kernel:3.0.57
  • Linux Kernel 3.0.58
    cpe:2.3:o:linux:linux_kernel:3.0.58
  • Linux Kernel 3.0.59
    cpe:2.3:o:linux:linux_kernel:3.0.59
  • Linux Kernel 3.0.6
    cpe:2.3:o:linux:linux_kernel:3.0.6
  • Linux Kernel 3.0.60
    cpe:2.3:o:linux:linux_kernel:3.0.60
  • Linux Kernel 3.0.61
    cpe:2.3:o:linux:linux_kernel:3.0.61
  • Linux Kernel 3.0.62
    cpe:2.3:o:linux:linux_kernel:3.0.62
  • Linux Kernel 3.0.63
    cpe:2.3:o:linux:linux_kernel:3.0.63
  • Linux Kernel 3.0.64
    cpe:2.3:o:linux:linux_kernel:3.0.64
  • Linux Kernel 3.0.65
    cpe:2.3:o:linux:linux_kernel:3.0.65
  • Linux Kernel 3.0.66
    cpe:2.3:o:linux:linux_kernel:3.0.66
  • Linux Kernel 3.0.67
    cpe:2.3:o:linux:linux_kernel:3.0.67
  • Linux Kernel 3.0.68
    cpe:2.3:o:linux:linux_kernel:3.0.68
  • Linux Kernel 3.0.7
    cpe:2.3:o:linux:linux_kernel:3.0.7
  • Linux Kernel 3.0.8
    cpe:2.3:o:linux:linux_kernel:3.0.8
  • Linux Kernel 3.0.9
    cpe:2.3:o:linux:linux_kernel:3.0.9
  • Linux Kernel 3.1
    cpe:2.3:o:linux:linux_kernel:3.1
  • Linux Kernel 3.1 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.1:rc1
  • Linux Kernel 3.1 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.1:rc2
  • Linux Kernel 3.1 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.1:rc3
  • Linux Kernel 3.1 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.1:rc4
  • Linux Kernel 3.1.1
    cpe:2.3:o:linux:linux_kernel:3.1.1
  • Linux Kernel 3.1.10
    cpe:2.3:o:linux:linux_kernel:3.1.10
  • Linux Kernel 3.1.2
    cpe:2.3:o:linux:linux_kernel:3.1.2
  • Linux Kernel 3.1.3
    cpe:2.3:o:linux:linux_kernel:3.1.3
  • Linux Kernel 3.1.4
    cpe:2.3:o:linux:linux_kernel:3.1.4
  • Linux Kernel 3.1.5
    cpe:2.3:o:linux:linux_kernel:3.1.5
  • Linux Kernel 3.1.6
    cpe:2.3:o:linux:linux_kernel:3.1.6
  • Linux Kernel 3.1.7
    cpe:2.3:o:linux:linux_kernel:3.1.7
  • Linux Kernel 3.2
    cpe:2.3:o:linux:linux_kernel:3.2
  • Linux Kernel 3.2 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.2:rc2
  • Linux Kernel 3.2 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.2:rc3
  • Linux Kernel 3.2 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.2:rc4
  • Linux Kernel 3.2 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.2:rc5
  • Linux Kernel 3.2 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.2:rc6
  • Linux Kernel 3.2 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.2:rc7
  • Linux Kernel 3.2.1
    cpe:2.3:o:linux:linux_kernel:3.2.1
  • Linux Kernel 3.2.10
    cpe:2.3:o:linux:linux_kernel:3.2.10
  • Linux Kernel 3.2.11
    cpe:2.3:o:linux:linux_kernel:3.2.11
  • Linux Kernel 3.2.12
    cpe:2.3:o:linux:linux_kernel:3.2.12
  • Linux Kernel 3.2.13
    cpe:2.3:o:linux:linux_kernel:3.2.13
  • Linux Kernel 3.2.14
    cpe:2.3:o:linux:linux_kernel:3.2.14
  • Linux Kernel 3.2.15
    cpe:2.3:o:linux:linux_kernel:3.2.15
  • Linux Kernel 3.2.16
    cpe:2.3:o:linux:linux_kernel:3.2.16
  • Linux Kernel 3.2.17
    cpe:2.3:o:linux:linux_kernel:3.2.17
  • Linux Kernel 3.2.18
    cpe:2.3:o:linux:linux_kernel:3.2.18
  • Linux Kernel 3.2.19
    cpe:2.3:o:linux:linux_kernel:3.2.19
  • Linux Kernel 3.2.2
    cpe:2.3:o:linux:linux_kernel:3.2.2
  • Linux Kernel 3.2.20
    cpe:2.3:o:linux:linux_kernel:3.2.20
  • Linux Kernel 3.2.21
    cpe:2.3:o:linux:linux_kernel:3.2.21
  • Linux Kernel 3.2.22
    cpe:2.3:o:linux:linux_kernel:3.2.22
  • Linux Kernel 3.2.23
    cpe:2.3:o:linux:linux_kernel:3.2.23
  • Linux Kernel 3.2.24
    cpe:2.3:o:linux:linux_kernel:3.2.24
  • Linux Kernel 3.2.25
    cpe:2.3:o:linux:linux_kernel:3.2.25
  • Linux Kernel 3.2.26
    cpe:2.3:o:linux:linux_kernel:3.2.26
  • Linux Kernel 3.2.27
    cpe:2.3:o:linux:linux_kernel:3.2.27
  • Linux Kernel 3.2.28
    cpe:2.3:o:linux:linux_kernel:3.2.28
  • Linux Kernel 3.2.29
    cpe:2.3:o:linux:linux_kernel:3.2.29
  • Linux Kernel 3.2.3
    cpe:2.3:o:linux:linux_kernel:3.2.3
  • Linux Kernel 3.2.30
    cpe:2.3:o:linux:linux_kernel:3.2.30
  • Linux Kernel 3.2.4
    cpe:2.3:o:linux:linux_kernel:3.2.4
  • Linux Kernel 3.2.5
    cpe:2.3:o:linux:linux_kernel:3.2.5
  • Linux Kernel 3.2.6
    cpe:2.3:o:linux:linux_kernel:3.2.6
  • Linux Kernel 3.2.7
    cpe:2.3:o:linux:linux_kernel:3.2.7
  • Linux Kernel 3.2.8
    cpe:2.3:o:linux:linux_kernel:3.2.8
  • Linux Kernel 3.2.9
    cpe:2.3:o:linux:linux_kernel:3.2.9
  • Linux Kernel 3.3
    cpe:2.3:o:linux:linux_kernel:3.3
  • Linux Kernel 3.3 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.3:rc1
  • Linux Kernel 3.3 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.3:rc2
  • Linux Kernel 3.3 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.3:rc3
  • Linux Kernel 3.3 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.3:rc4
  • Linux Kernel 3.3 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.3:rc5
  • Linux Kernel 3.3 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.3:rc6
  • Linux Kernel 3.3 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.3:rc7
  • Linux Kernel 3.3.1
    cpe:2.3:o:linux:linux_kernel:3.3.1
  • Linux Kernel 3.3.2
    cpe:2.3:o:linux:linux_kernel:3.3.2
  • Linux Kernel 3.3.3
    cpe:2.3:o:linux:linux_kernel:3.3.3
  • Linux Kernel 3.3.4
    cpe:2.3:o:linux:linux_kernel:3.3.4
  • Linux Kernel 3.3.5
    cpe:2.3:o:linux:linux_kernel:3.3.5
  • Linux Kernel 3.3.6
    cpe:2.3:o:linux:linux_kernel:3.3.6
  • Linux Kernel 3.3.7
    cpe:2.3:o:linux:linux_kernel:3.3.7
  • Linux Kernel 3.3.8
    cpe:2.3:o:linux:linux_kernel:3.3.8
  • Linux Kernel 3.4
    cpe:2.3:o:linux:linux_kernel:3.4
  • Linux Kernel 3.4 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.4:rc1
  • Linux Kernel 3.4 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.4:rc2
  • Linux Kernel 3.4 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.4:rc3
  • Linux Kernel 3.4 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.4:rc4
  • Linux Kernel 3.4 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.4:rc5
  • Linux Kernel 3.4 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.4:rc6
  • Linux Kernel 3.4 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.4:rc7
  • Linux Kernel 3.4.1
    cpe:2.3:o:linux:linux_kernel:3.4.1
  • Linux Kernel 3.4.10
    cpe:2.3:o:linux:linux_kernel:3.4.10
  • Linux Kernel 3.4.11
    cpe:2.3:o:linux:linux_kernel:3.4.11
  • Linux Kernel 3.4.12
    cpe:2.3:o:linux:linux_kernel:3.4.12
  • Linux Kernel 3.4.13
    cpe:2.3:o:linux:linux_kernel:3.4.13
  • Linux Kernel 3.4.14
    cpe:2.3:o:linux:linux_kernel:3.4.14
  • Linux Kernel 3.4.15
    cpe:2.3:o:linux:linux_kernel:3.4.15
  • Linux Kernel 3.4.16
    cpe:2.3:o:linux:linux_kernel:3.4.16
  • Linux Kernel 3.4.17
    cpe:2.3:o:linux:linux_kernel:3.4.17
  • Linux Kernel 3.4.18
    cpe:2.3:o:linux:linux_kernel:3.4.18
  • Linux Kernel 3.4.19
    cpe:2.3:o:linux:linux_kernel:3.4.19
  • Linux Kernel 3.4.2
    cpe:2.3:o:linux:linux_kernel:3.4.2
  • Linux Kernel 3.4.20
    cpe:2.3:o:linux:linux_kernel:3.4.20
  • Linux Kernel 3.4.21
    cpe:2.3:o:linux:linux_kernel:3.4.21
  • Linux Kernel 3.4.22
    cpe:2.3:o:linux:linux_kernel:3.4.22
  • Linux Kernel 3.4.23
    cpe:2.3:o:linux:linux_kernel:3.4.23
  • Linux Kernel 3.4.24
    cpe:2.3:o:linux:linux_kernel:3.4.24
  • Linux Kernel 3.4.25
    cpe:2.3:o:linux:linux_kernel:3.4.25
  • Linux Kernel 3.4.26
    cpe:2.3:o:linux:linux_kernel:3.4.26
  • Linux Kernel 3.4.27
    cpe:2.3:o:linux:linux_kernel:3.4.27
  • Linux Kernel 3.4.28
    cpe:2.3:o:linux:linux_kernel:3.4.28
  • Linux Kernel 3.4.29
    cpe:2.3:o:linux:linux_kernel:3.4.29
  • Linux Kernel 3.4.3
    cpe:2.3:o:linux:linux_kernel:3.4.3
  • Linux Kernel 3.4.30
    cpe:2.3:o:linux:linux_kernel:3.4.30
  • Linux Kernel 3.4.31
    cpe:2.3:o:linux:linux_kernel:3.4.31
  • Linux Kernel 3.4.32
    cpe:2.3:o:linux:linux_kernel:3.4.32
  • Linux Kernel 3.4.4
    cpe:2.3:o:linux:linux_kernel:3.4.4
  • Linux Kernel 3.4.5
    cpe:2.3:o:linux:linux_kernel:3.4.5
  • Linux Kernel 3.4.6
    cpe:2.3:o:linux:linux_kernel:3.4.6
  • Linux Kernel 3.4.7
    cpe:2.3:o:linux:linux_kernel:3.4.7
  • Linux Kernel 3.4.8
    cpe:2.3:o:linux:linux_kernel:3.4.8
  • Linux Kernel 3.4.9
    cpe:2.3:o:linux:linux_kernel:3.4.9
  • Linux Kernel 3.5.1
    cpe:2.3:o:linux:linux_kernel:3.5.1
  • Linux Kernel 3.5.2
    cpe:2.3:o:linux:linux_kernel:3.5.2
  • Linux Kernel 3.5.3
    cpe:2.3:o:linux:linux_kernel:3.5.3
  • Linux Kernel 3.5.4
    cpe:2.3:o:linux:linux_kernel:3.5.4
  • Linux Kernel 3.5.5
    cpe:2.3:o:linux:linux_kernel:3.5.5
  • Linux Kernel 3.5.6
    cpe:2.3:o:linux:linux_kernel:3.5.6
  • Linux Kernel 3.5.7
    cpe:2.3:o:linux:linux_kernel:3.5.7
  • Linux Kernel 3.6
    cpe:2.3:o:linux:linux_kernel:3.6
  • Linux Kernel 3.6.1
    cpe:2.3:o:linux:linux_kernel:3.6.1
  • Linux Kernel 3.6.10
    cpe:2.3:o:linux:linux_kernel:3.6.10
  • Linux Kernel 3.6.11
    cpe:2.3:o:linux:linux_kernel:3.6.11
  • Linux Kernel 3.6.2
    cpe:2.3:o:linux:linux_kernel:3.6.2
  • Linux Kernel 3.6.3
    cpe:2.3:o:linux:linux_kernel:3.6.3
  • Linux Kernel 3.6.4
    cpe:2.3:o:linux:linux_kernel:3.6.4
  • Linux Kernel 3.6.5
    cpe:2.3:o:linux:linux_kernel:3.6.5
  • Linux Kernel 3.6.6
    cpe:2.3:o:linux:linux_kernel:3.6.6
  • Linux Kernel 3.6.7
    cpe:2.3:o:linux:linux_kernel:3.6.7
  • Linux Kernel 3.6.8
    cpe:2.3:o:linux:linux_kernel:3.6.8
  • Linux Kernel 3.6.9
    cpe:2.3:o:linux:linux_kernel:3.6.9
  • Linux Kernel 3.7
    cpe:2.3:o:linux:linux_kernel:3.7
  • Linux Kernel 3.7.1
    cpe:2.3:o:linux:linux_kernel:3.7.1
  • Linux Kernel 3.7.10
    cpe:2.3:o:linux:linux_kernel:3.7.10
  • Linux Kernel 3.7.2
    cpe:2.3:o:linux:linux_kernel:3.7.2
  • Linux Kernel 3.7.3
    cpe:2.3:o:linux:linux_kernel:3.7.3
  • Linux Kernel 3.7.4
    cpe:2.3:o:linux:linux_kernel:3.7.4
  • Linux Kernel 3.7.5
    cpe:2.3:o:linux:linux_kernel:3.7.5
  • Linux Kernel 3.7.6
    cpe:2.3:o:linux:linux_kernel:3.7.6
  • Linux Kernel 3.7.7
    cpe:2.3:o:linux:linux_kernel:3.7.7
  • Linux Kernel 3.7.8
    cpe:2.3:o:linux:linux_kernel:3.7.8
  • Linux Kernel 3.7.9
    cpe:2.3:o:linux:linux_kernel:3.7.9
  • Linux Kernel 3.8.0
    cpe:2.3:o:linux:linux_kernel:3.8.0
  • Linux Kernel 3.8.1
    cpe:2.3:o:linux:linux_kernel:3.8.1
  • Linux Kernel 3.8.10
    cpe:2.3:o:linux:linux_kernel:3.8.10
  • Linux Kernel 3.8.11
    cpe:2.3:o:linux:linux_kernel:3.8.11
  • Linux Kernel 3.8.12
    cpe:2.3:o:linux:linux_kernel:3.8.12
  • Linux Kernel 3.8.13
    cpe:2.3:o:linux:linux_kernel:3.8.13
  • Linux Kernel 3.8.2
    cpe:2.3:o:linux:linux_kernel:3.8.2
  • Linux Kernel 3.8.3
    cpe:2.3:o:linux:linux_kernel:3.8.3
  • Linux Kernel 3.8.4
    cpe:2.3:o:linux:linux_kernel:3.8.4
  • Linux Kernel 3.8.5
    cpe:2.3:o:linux:linux_kernel:3.8.5
  • Linux Kernel 3.8.6
    cpe:2.3:o:linux:linux_kernel:3.8.6
  • Linux Kernel 3.8.7
    cpe:2.3:o:linux:linux_kernel:3.8.7
  • Linux Kernel 3.8.8
    cpe:2.3:o:linux:linux_kernel:3.8.8
  • Linux Kernel 3.8.9
    cpe:2.3:o:linux:linux_kernel:3.8.9
  • Linux Kernel 3.9 release candidate 1
    cpe:2.3:o:linux:linux_kernel:3.9:rc1
  • Linux Kernel 3.9 release candidate 2
    cpe:2.3:o:linux:linux_kernel:3.9:rc2
  • Linux Kernel 3.9 release candidate 3
    cpe:2.3:o:linux:linux_kernel:3.9:rc3
  • Linux Kernel 3.9 release candidate 4
    cpe:2.3:o:linux:linux_kernel:3.9:rc4
  • Linux Kernel 3.9 release candidate 5
    cpe:2.3:o:linux:linux_kernel:3.9:rc5
  • Linux Kernel 3.9 release candidate 6
    cpe:2.3:o:linux:linux_kernel:3.9:rc6
  • Linux Kernel 3.9 release candidate 7
    cpe:2.3:o:linux:linux_kernel:3.9:rc7
  • Linux Kernel 3.1.9
    cpe:2.3:o:linux:linux_kernel:3.1.9
  • Linux Kernel 3.1.8
    cpe:2.3:o:linux:linux_kernel:3.1.8
CVSS
Base: 4.0 (as of 20-11-2013 - 09:49)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-1645.NASL
    description Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fifth regular update. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-4387, Important) * A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate) * A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2888, Moderate) * An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used. (CVE-2013-4345, Moderate) * It was found that the fix for CVE-2012-2375 released via RHSA-2012:1580 accidentally removed a check for small-sized result buffers. A local, unprivileged user with access to an NFSv4 mount with ACL support could use this flaw to crash the system or, potentially, escalate their privileges on the system . (CVE-2013-4591, Moderate) * A flaw was found in the way IOMMU memory mappings were handled when moving memory slots. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2013-4592, Moderate) * Heap-based buffer overflow flaws were found in the way the Zeroplus and Pantherlord/GreenAsia game controllers handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2889, CVE-2013-2892, Moderate) * Two information leak flaws were found in the logical link control (LLC) implementation in the Linux kernel. A local, unprivileged user could use these flaws to leak kernel stack memory to user space. (CVE-2012-6542, CVE-2013-3231, Low) * A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1929, Low) * Information leak flaws in the Linux kernel could allow a privileged, local user to leak kernel memory to user space. (CVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, Low) * A format string flaw was found in the Linux kernel's block layer. A privileged, local user could potentially use this flaw to escalate their privileges to kernel level (ring0). (CVE-2013-2851, Low) Red Hat would like to thank Stephan Mueller for reporting CVE-2013-4345, and Kees Cook for reporting CVE-2013-2851. This update also fixes several hundred bugs and adds enhancements. Refer to the Red Hat Enterprise Linux 6.5 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References. All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.5 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79170
    published 2014-11-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79170
    title CentOS 6 : kernel (CESA-2013:1645)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-291.NASL
    description Multiple vulnerabilities has been found and corrected in the Linux kernel : The Linux kernel before 3.12.2 does not properly use the get_dumpable function, which allows local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h (CVE-2013-2929). The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application (CVE-2013-2930). Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c (CVE-2013-4511). Buffer overflow in the exitcode_proc_write function in arch/um/kernel/exitcode.c in the Linux kernel before 3.12 allows local users to cause a denial of service or possibly have unspecified other impact by leveraging root privileges for a write operation (CVE-2013-4512). Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions (CVE-2013-4514). The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call (CVE-2013-4515). Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots (CVE-2013-4592). The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation (CVE-2013-6378). The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command (CVE-2013-6380). Buffer overflow in the qeth_snmp_command function in drivers/s390/net/qeth_core_main.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service or possibly have unspecified other impact via an SNMP ioctl call with a length value that is incompatible with the command-buffer size (CVE-2013-6381). The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call (CVE-2013-6383). The uio_mmap_physical function in drivers/uio/uio.c in the Linux kernel before 3.12 does not validate the size of a memory block, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via crafted mmap operations, a different vulnerability than CVE-2013-4511 (CVE-2013-6763). The updated packages provides a solution for these security issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 71511
    published 2013-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71511
    title Mandriva Linux Security Advisory : kernel (MDVSA-2013:291)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-0140-1.NASL
    description The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029) CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034) CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373) CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) Also the following non-security bugs have been fixed : - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). - printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675). - blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). - futex: fix handling of read-only-mapped hugepages (VM Functionality). - random: fix accounting race condition with lockless irq entropy_count update (bnc#789359). - Provide realtime priority kthread and workqueue boot options (bnc#836718). - sched: Fix several races in CFS_BANDWIDTH (bnc#848336). - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336). - sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336). - sched: Fix race on toggling cfs_bandwidth_used (bnc#848336). - sched: Fix buglet in return_cfs_rq_runtime(). - sched: Guarantee new group-entities always have weight (bnc#848336). - sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336). watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767). tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). - macvlan: disable LRO on lower device instead of macvlan (bnc#846984). - macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984). - macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984). - xen: netback: bump tx queue length (bnc#849404). - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue (bnc#852624). - netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729). - xfrm: invalidate dst on policy insertion/deletion (bnc#842239). xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). crypto: gf128mul - fix call to memset() (obvious fix). autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314). - autofs4: catatonic_mode vs. notify_daemon race (bnc#851314). - autofs4: close the races around autofs4_notify_daemon() (bnc#851314). - autofs4: deal with autofs4_write/autofs4_write races (bnc#851314). - autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314). - autofs4 - fix deal with autofs4_write races (bnc#851314). autofs4 - use simple_empty() for empty directory check (bnc#851314). blkdev_max_block: make private to fs/buffer.c (bnc#820338). Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473). dlm: set zero linger time on sctp socket (bnc#787843). - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (bnc#855037) - nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236). nfs: Adapt readdirplus to application usage patterns (bnc#834708). xfs: Account log unmount transaction correctly (bnc#849950). - xfs: improve ioend error handling (bnc#846036). - xfs: reduce ioend latency (bnc#846036). - xfs: use per-filesystem I/O completion workqueues (bnc#846036). xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544). vfs: avoid 'attempt to access beyond end of device' warnings (bnc#820338). vfs: fix O_DIRECT read past end of block device (bnc#820338). cifs: Improve performance of browsing directories with several files (bnc#810323). cifs: Ensure cifs directories do not show up as files (bnc#826602). sd: avoid deadlocks when running under multipath (bnc#818545). - sd: fix crash when UA received on DIF enabled device (bnc#841445). sg: fix blk_get_queue usage (bnc#834808). block: factor out vector mergeable decision to a helper function (bnc#769644). block: modify __bio_add_page check to accept pages that do not start a new segment (bnc#769644). dm-multipath: abort all requests when failing a path (bnc#798050). - scsi: Add 'eh_deadline' to limit SCSI EH runtime (bnc#798050). - scsi: Allow error handling timeout to be specified (bnc#798050). - scsi: Fixup compilation warning (bnc#798050). - scsi: Retry failfast commands after EH (bnc#798050). - scsi: Warn on invalid command completion (bnc#798050). - scsi: kABI fixes (bnc#798050). - scsi: remove check for 'resetting' (bnc#798050). - advansys: Remove 'last_reset' references (bnc#798050). - cleanup setting task state in scsi_error_handler() (bnc#798050). - dc395: Move 'last_reset' into internal host structure (bnc#798050). - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050). - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050). tmscsim: Move 'last_reset' into host structure (bnc#798050). scsi_dh: invoke callback if ->activate is not present (bnc#708296). - scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296). - scsi_dh_alua: Decode EMC Clariion extended inquiry (bnc#708296). - scsi_dh_alua: Decode HP EVA array identifier (bnc#708296). - scsi_dh_alua: Evaluate state for all port groups (bnc#708296). - scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642). - scsi_dh_alua: Make stpg synchronous (bnc#708296). - scsi_dh_alua: Pass buffer as function argument (bnc#708296). - scsi_dh_alua: Re-evaluate port group states after STPG (bnc#708296). - scsi_dh_alua: Recheck state on transitioning (bnc#708296). - scsi_dh_alua: Rework rtpg workqueue (bnc#708296). - scsi_dh_alua: Use separate alua_port_group structure (bnc#708296). - scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407). - scsi_dh_alua: asynchronous RTPG (bnc#708296). - scsi_dh_alua: correctly terminate target port strings (bnc#708296). - scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296). - scsi_dh_alua: Do not attach to RAID or enclosure devices (bnc#819979). - scsi_dh_alua: Do not attach to well-known LUNs (bnc#821980). - scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296). - scsi_dh_alua: invalid state information for 'optimized' paths (bnc#843445). - scsi_dh_alua: move RTPG to workqueue (bnc#708296). - scsi_dh_alua: move 'expiry' into PG structure (bnc#708296). - scsi_dh_alua: move some sense code handling into generic code (bnc#813245). - scsi_dh_alua: multipath failover fails with error 15 (bnc#825696). - scsi_dh_alua: parse target device id (bnc#708296). - scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296). - scsi_dh_alua: put sense buffer on stack (bnc#708296). - scsi_dh_alua: reattaching device handler fails with 'Error 15' (bnc#843429). - scsi_dh_alua: remove locking when checking state (bnc#708296). - scsi_dh_alua: remove stale variable (bnc#708296). - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296). - scsi_dh_alua: retry command on 'mode parameter changed' sense code (bnc#843645). - scsi_dh_alua: simplify alua_check_sense() (bnc#843642). - scsi_dh_alua: simplify state update (bnc#708296). - scsi_dh_alua: use delayed_work (bnc#708296). - scsi_dh_alua: use flag for RTPG extended header (bnc#708296). - scsi_dh_alua: use local buffer for VPD inquiry (bnc#708296). scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296). lpfc: Do not free original IOCB whenever ABTS fails (bnc#806988). - lpfc: Fix kernel warning on spinlock usage (bnc#806988). lpfc: Fixed system panic due to midlayer abort (bnc#806988). qla2xxx: Add module parameter to override the default request queue size (bnc#826756). qla2xxx: Module parameter 'ql2xasynclogin' (bnc#825896). bna: do not register ndo_set_rx_mode callback (bnc#847261). - hv: handle more than just WS2008 in KVP negotiation (bnc#850640). drm: do not add inferred modes for monitors that do not support them (bnc#849809). pci/quirks: Modify reset method for Chelsio T4 (bnc#831168). - pci: fix truncation of resource size to 32 bits (bnc#843419). - pci: pciehp: Retrieve link speed after link is trained (bnc#820102). - pci: Separate pci_bus_read_dev_vendor_id from pci_scan_device (bnc#820102). - pci: pciehp: replace unconditional sleep with config space access check (bnc#820102). - pci: pciehp: make check_link_active more helpful (bnc#820102). - pci: pciehp: Add pcie_wait_link_not_active() (bnc#820102). - pci: pciehp: Add Disable/enable link functions (bnc#820102). pci: pciehp: Disable/enable link during slot power off/on (bnc#820102). mlx4: allocate just enough pages instead of always 4 pages (bnc#835186 bnc#835074). - mlx4: allow order-0 memory allocations in RX path (bnc#835186 bnc#835074). - net/mlx4: use one page fragment per incoming frame (bnc#835186 bnc#835074). qeth: request length checking in snmp ioctl (bnc#849848, LTC#99511). cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047). - s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047). - s390/cio: skip broken paths (bnc#837739,LTC#97047). - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047). - s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 83608
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83608
    title SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0140-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20131121_KERNEL_ON_SL6_X.NASL
    description This update fixes the following security issues : - A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-4387, Important) - A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate) - A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2888, Moderate) - An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used. (CVE-2013-4345, Moderate) - It was found that the fix for CVE-2012-2375 released via SLSA-2012:1580 accidentally removed a check for small-sized result buffers. A local, unprivileged user with access to an NFSv4 mount with ACL support could use this flaw to crash the system or, potentially, escalate their privileges on the system . (CVE-2013-4591, Moderate) - A flaw was found in the way IOMMU memory mappings were handled when moving memory slots. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2013-4592, Moderate) - Heap-based buffer overflow flaws were found in the way the Zeroplus and Pantherlord/GreenAsia game controllers handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2889, CVE-2013-2892, Moderate) - Two information leak flaws were found in the logical link control (LLC) implementation in the Linux kernel. A local, unprivileged user could use these flaws to leak kernel stack memory to user space. (CVE-2012-6542, CVE-2013-3231, Low) - A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1929, Low) - Information leak flaws in the Linux kernel could allow a privileged, local user to leak kernel memory to user space. (CVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, Low) - A format string flaw was found in the Linux kernel's block layer. A privileged, local user could potentially use this flaw to escalate their privileges to kernel level (ring0). (CVE-2013-2851, Low) The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 71490
    published 2013-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71490
    title Scientific Linux Security Update : kernel on SL6.x i386/x86_64
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2114-1.NASL
    description Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ability to assign a device could exploit this flaw to cause a denial of service (memory consumption). (CVE-2013-4592) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378) Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 72577
    published 2014-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72577
    title Ubuntu 12.10 : linux vulnerabilities (USN-2114-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-140124.NASL
    description The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053). (CVE-2013-6376) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) - arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006). (CVE-2013-2146) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362). (CVE-2013-2930) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). - kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor. (bnc#845378) - cpuidle: add a sysfs entry to disable specific C state for debug purpose. (bnc#845378) - net: Do not enable tx-nocache-copy by default. (bnc#845378) - mm: reschedule to avoid RCU stall triggering during boot of large machines. (bnc#820434,bnc#852153) - rtc-cmos: Add an alarm disable quirk. (bnc#805740) - tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). - tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). - sched: Avoid throttle_cfs_rq() racing with period_timer stopping. (bnc#848336) - sched/balancing: Periodically decay max cost of idle balance. (bnc#849256) - sched: Consider max cost of idle balance per sched domain. (bnc#849256) - sched: Reduce overestimating rq->avg_idle. (bnc#849256) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code. (bnc#851603) - futexes: Clean up various details. (bnc#851603) - futexes: Increase hash table size for better performance. (bnc#851603) - futexes: Document multiprocessor ordering guarantees. (bnc#851603) - futexes: Avoid taking the hb->lock if there is nothing to wake up. (bnc#851603) - futexes: Fix futex_hashsize initialization. (bnc#851603) - mutex: Make more scalable by doing fewer atomic operations. (bnc#849256) - powerpc: Fix memory hotplug with sparse vmemmap. (bnc#827527) - powerpc: Add System RAM to /proc/iomem. (bnc#827527) - powerpc/mm: Mark Memory Resources as busy. (bnc#827527) - powerpc: Fix fatal SLB miss when restoring PPR. (bnc#853465) - powerpc: Make function that parses RTAS error logs global. (bnc#852761) - powerpc/pseries: Parse and handle EPOW interrupts. (bnc#852761) - powerpc/rtas_flash: Fix validate_flash buffer overflow issue. (bnc#847842) - powerpc/rtas_flash: Fix bad memory access. (bnc#847842) - x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus. (bnc#770541) - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error. (bnc#843654) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - x86/PCI: reduce severity of host bridge window conflict warnings. (bnc#858534) - ipv6: fix race condition regarding dst->expires and dst->from. (bnc#843185) - netback: bump tx queue length. (bnc#849404) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - fs: Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk. (bnc#850324) - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4: fix deal with autofs4_write races. (bnc#851314) - autofs4: use simple_empty() for empty directory check. (bnc#851314) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). - vfs: avoid 'attempt to access beyond end of device' warnings. (bnc#820338) - vfs: fix O_DIRECT read past end of block device. (bnc#820338) - cifs: Improve performance of browsing directories with several files. (bnc#810323) - cifs: Ensure cifs directories do not show up as files. (bnc#826602) - dm-multipath: abort all requests when failing a path. (bnc#798050) - scsi: Add 'eh_deadline' to limit SCSI EH runtime. (bnc#798050) - scsi: Allow error handling timeout to be specified. (bnc#798050) - scsi: Fixup compilation warning. (bnc#798050) - scsi: Retry failfast commands after EH. (bnc#798050) - scsi: Warn on invalid command completion. (bnc#798050) - advansys: Remove 'last_reset' references. (bnc#798050) - cleanup setting task state in scsi_error_handler(). (bnc#798050) - dc395: Move 'last_reset' into internal host structure. (bnc#798050) - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#798050) - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset. (bnc#798050) - scsi: kABI fixes. (bnc#798050) - scsi: remove check for 'resetting'. (bnc#798050) - tmscsim: Move 'last_reset' into host structure. (bnc#798050) - SCSI & usb-storage: add try_rc_10_first flag. (bnc#853428) - iscsi_target: race condition on shutdown. (bnc#850072) - libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception. (bnc#837206) - lpfc 8.3.42: Fixed issue of task management commands having a fixed timeout. (bnc#856481) - advansys: Remove 'last_reset' references. (bnc#856481) - dc395: Move 'last_reset' into internal host structure. (bnc#856481) - Add 'eh_deadline' to limit SCSI EH runtime. (bnc#856481) - remove check for 'resetting'. (bnc#856481) - tmscsim: Move 'last_reset' into host structure. (bnc#856481) - scsi_dh_rdac: Add new IBM 1813 product id to rdac devlist. (bnc#846654) - md: Change handling of save_raid_disk and metadata update during recovery. (bnc#849364) - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#856481) - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset. (bnc#856481) - crypto: unload of aes_s390 module causes kernel panic (bnc#847660, LTC#98706). - crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). - crypto: gf128mul - fix call to memset() (obvious fix). - X.509: Fix certificate gathering. (bnc#805114) - pcifront: Deal with toolstack missing 'XenbusStateClosing' state. - xencons: generalize use of add_preferred_console(). (bnc#733022, bnc#852652) - netxen: fix off by one bug in netxen_release_tx_buffer(). (bnc#845729) - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue. (bnc#852624) - igb: Fix get_fw_version function for all parts. (bnc#848317) - igb: Refactor of init_nvm_params. (bnc#848317) - r8169: check ALDPS bit and disable it if enabled for the 8168g. (bnc#845352) - qeth: request length checking in snmp ioctl (bnc#847660, LTC#99511). - bnx2x: remove false warning regarding interrupt number. (bnc#769035) - usb: Fix xHCI host issues on remote wakeup. (bnc#846989) - xhci: Limit the spurious wakeup fix only to HP machines. (bnc#833097) - Intel xhci: refactor EHCI/xHCI port switching. (bnc#840116) - xhci-hub.c: preserved kABI. (bnc#840116) - xhci: Refactor port status into a new function. (bnc#840116) - HID: multitouch: Add support for NextWindow 0340 touchscreen. (bnc#849855) - HID: multitouch: Add support for Qaunta 3027 touchscreen. (bnc#854516) - HID: multitouch: add support for Atmel 212c touchscreen. (bnc#793727) - HID: multitouch: partial support of win8 devices. (bnc#854516,bnc#793727,bnc#849855) - HID: hid-multitouch: add support for the IDEACOM 6650 chip. (bnc#854516,bnc#793727,bnc#849855) - ALSA: hda - Fix inconsistent mic-mute LED. (bnc#848864) - ALSA: hda - load EQ params into IDT codec on HP bNB13 systems. (bnc#850493) - lpfc: correct some issues with txcomplq processing. (bnc#818064) - lpfc: correct an issue with rrq processing. (bnc#818064) - block: factor out vector mergeable decision to a helper function. (bnc#769644) - block: modify __bio_add_page check to accept pages that do not start a new segment. (bnc#769644) - sd: avoid deadlocks when running under multipath. (bnc#818545) - sd: fix crash when UA received on DIF enabled device. (bnc#841445) - sg: fix blk_get_queue usage. (bnc#834808) - lpfc: Do not free original IOCB whenever ABTS fails. (bnc#806988) - lpfc: Fix kernel warning on spinlock usage. (bnc#806988) - lpfc: Fixed system panic due to midlayer abort. (bnc#806988) - qla2xxx: Add module parameter to override the default request queue size. (bnc#826756) - qla2xxx: Module parameter 'ql2xasynclogin'. (bnc#825896) - Pragmatic workaround for realtime class abuse induced latency issues. - Provide realtime priority kthread and workqueue boot options. (bnc#836718) - mlx4: allocate just enough pages instead of always 4 pages. (bnc#835186 / bnc#835074) - mlx4: allow order-0 memory allocations in RX path. (bnc#835186 / bnc#835074) - net/mlx4: use one page fragment per incoming frame. (bnc#835186 / bnc#835074) - bna: do not register ndo_set_rx_mode callback. (bnc#847261) - PCI: pciehp: Retrieve link speed after link is trained. (bnc#820102) - PCI: Separate pci_bus_read_dev_vendor_id from pci_scan_device. (bnc#820102) - PCI: pciehp: replace unconditional sleep with config space access check. (bnc#820102) - PCI: pciehp: make check_link_active more helpful. (bnc#820102) - PCI: pciehp: Add pcie_wait_link_not_active(). (bnc#820102) - PCI: pciehp: Add Disable/enable link functions. (bnc#820102) - PCI: pciehp: Disable/enable link during slot power off/on. (bnc#820102) - PCI: fix truncation of resource size to 32 bits. (bnc#843419) - hv: handle more than just WS2008 in KVP negotiation. (bnc#850640) - mei: ME hardware reset needs to be synchronized. (bnc#821619) - kabi: Restore struct irq_desc::timer_rand_state. - fs3270: unloading module does not remove device (bnc#851879, LTC#100284). - cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047). - isci: Fix a race condition in the SSP task management path. (bnc#826978) - ptp: dynamic allocation of PHC char devices. (bnc#851290) - efifb: prevent null-deref when iterating dmi_list. (bnc#848055) - dm-mpath: Fixup race condition in activate_path(). (bnc#708296) - dm-mpath: do not detach stale hardware handler. (bnc#708296) - dm-multipath: Improve logging. (bnc#708296) - scsi_dh: invoke callback if ->activate is not present. (bnc#708296) - scsi_dh: return individual errors in scsi_dh_activate(). (bnc#708296) - scsi_dh_alua: Decode EMC Clariion extended inquiry. (bnc#708296) - scsi_dh_alua: Decode HP EVA array identifier. (bnc#708296) - scsi_dh_alua: Evaluate state for all port groups. (bnc#708296) - scsi_dh_alua: Fix missing close brace in alua_check_sense. (bnc#843642) - scsi_dh_alua: Make stpg synchronous. (bnc#708296) - scsi_dh_alua: Pass buffer as function argument. (bnc#708296) - scsi_dh_alua: Re-evaluate port group states after STPG. (bnc#708296) - scsi_dh_alua: Recheck state on transitioning. (bnc#708296) - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296) - scsi_dh_alua: Use separate alua_port_group structure. (bnc#708296) - scsi_dh_alua: Allow get_alua_data() to return NULL. (bnc#839407) - scsi_dh_alua: asynchronous RTPG. (bnc#708296) - scsi_dh_alua: correctly terminate target port strings. (bnc#708296) - scsi_dh_alua: defer I/O while workqueue item is pending. (bnc#708296) - scsi_dh_alua: Do not attach to RAID or enclosure devices. (bnc#819979) - scsi_dh_alua: Do not attach to well-known LUNs. (bnc#821980) - scsi_dh_alua: fine-grained locking in alua_rtpg_work(). (bnc#708296) - scsi_dh_alua: invalid state information for 'optimized' paths. (bnc#843445) - scsi_dh_alua: move RTPG to workqueue. (bnc#708296) - scsi_dh_alua: move 'expiry' into PG structure. (bnc#708296) - scsi_dh_alua: move some sense code handling into generic code. (bnc#813245) - scsi_dh_alua: multipath failover fails with error 15. (bnc#825696) - scsi_dh_alua: parse target device id. (bnc#708296) - scsi_dh_alua: protect accesses to struct alua_port_group. (bnc#708296) - scsi_dh_alua: put sense buffer on stack. (bnc#708296) - scsi_dh_alua: reattaching device handler fails with 'Error 15'. (bnc#843429) - scsi_dh_alua: remove locking when checking state. (bnc#708296) - scsi_dh_alua: remove stale variable. (bnc#708296) - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296) - scsi_dh_alua: retry command on 'mode parameter changed' sense code. (bnc#843645) - scsi_dh_alua: simplify alua_check_sense(). (bnc#843642) - scsi_dh_alua: simplify state update. (bnc#708296) - scsi_dh_alua: use delayed_work. (bnc#708296) - scsi_dh_alua: use flag for RTPG extended header. (bnc#708296) - scsi_dh_alua: use local buffer for VPD inquiry. (bnc#708296) - scsi_dh_alua: use spin_lock_irqsave for port group. (bnc#708296) - scsi_dh_alua: defer I/O while workqueue item is pending. (bnc#708296) - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296) - scsi_dh_alua: use delayed_work. (bnc#708296) - scsi_dh_alua: move 'expiry' into PG structure. (bnc#708296) - scsi_dh: invoke callback if ->activate is not present. (bnc#708296) - scsi_dh_alua: correctly terminate target port strings. (bnc#708296) - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296) - scsi_dh_alua: protect accesses to struct alua_port_group. (bnc#708296) - scsi_dh_alua: fine-grained locking in alua_rtpg_work(). (bnc#708296) - scsi_dh_alua: use spin_lock_irqsave for port group. (bnc#708296) - scsi_dh_alua: remove locking when checking state. (bnc#708296) - scsi_dh_alua: remove stale variable. (bnc#708296) - scsi_dh: return individual errors in scsi_dh_activate(). (bnc#708296) - scsi_dh_alua: fixup misplaced brace in alua_initialize(). (bnc#858831) - drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam (bnc#831103,FATE#316109). - drm/i915: add I915_EXEC_VEBOX to i915_gem_do_execbuffer() (bnc#831103,FATE#316109). - drm/i915: add VEBOX into debugfs (bnc#831103,FATE#316109). - drm/i915: Enable vebox interrupts (bnc#831103,FATE#316109). - drm/i915: vebox interrupt get/put (bnc#831103,FATE#316109). - drm/i915: consolidate interrupt naming scheme (bnc#831103,FATE#316109). - drm/i915: Convert irq_refounct to struct (bnc#831103,FATE#316109). - drm/i915: make PM interrupt writes non-destructive (bnc#831103,FATE#316109). - drm/i915: Add PM regs to pre/post install (bnc#831103,FATE#316109). - drm/i915: Create an ivybridge_irq_preinstall (bnc#831103,FATE#316109). - drm/i915: Create a more generic pm handler for hsw+ (bnc#831103,FATE#316109). - drm/i915: Vebox ringbuffer init (bnc#831103,FATE#316109). - drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109). - drm/i915: Rename ring flush functions (bnc#831103,FATE#316109). - drm/i915: Add VECS semaphore bits (bnc#831103,FATE#316109). - drm/i915: Introduce VECS: the 4th ring (bnc#831103,FATE#316109). - drm/i915: Semaphore MBOX update generalization (bnc#831103,FATE#316109). - drm/i915: Comments for semaphore clarification (bnc#831103,FATE#316109). - drm/i915: fix gen4 digital port hotplug definitions. (bnc#850103) - drm/mgag200: Bug fix: Modified pll algorithm for EH project. (bnc#841654) - drm: do not add inferred modes for monitors that do not support them. (bnc#849809) - s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047). - s390/cio: skip broken paths (bnc#837739,LTC#97047). - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047). - s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047).
    last seen 2019-02-21
    modified 2014-02-10
    plugin id 72324
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72324
    title SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 8826)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-140125.NASL
    description The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053). (CVE-2013-6376) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) - arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006). (CVE-2013-2146) - The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362). (CVE-2013-2930) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). - kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor. (bnc#845378) - cpuidle: add a sysfs entry to disable specific C state for debug purpose. (bnc#845378) - net: Do not enable tx-nocache-copy by default. (bnc#845378) - mm: reschedule to avoid RCU stall triggering during boot of large machines. (bnc#820434,bnc#852153) - rtc-cmos: Add an alarm disable quirk. (bnc#805740) - tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). - tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). - sched: Avoid throttle_cfs_rq() racing with period_timer stopping. (bnc#848336) - sched/balancing: Periodically decay max cost of idle balance. (bnc#849256) - sched: Consider max cost of idle balance per sched domain. (bnc#849256) - sched: Reduce overestimating rq->avg_idle. (bnc#849256) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code. (bnc#851603) - futexes: Clean up various details. (bnc#851603) - futexes: Increase hash table size for better performance. (bnc#851603) - futexes: Document multiprocessor ordering guarantees. (bnc#851603) - futexes: Avoid taking the hb->lock if there is nothing to wake up. (bnc#851603) - futexes: Fix futex_hashsize initialization. (bnc#851603) - mutex: Make more scalable by doing fewer atomic operations. (bnc#849256) - powerpc: Fix memory hotplug with sparse vmemmap. (bnc#827527) - powerpc: Add System RAM to /proc/iomem. (bnc#827527) - powerpc/mm: Mark Memory Resources as busy. (bnc#827527) - powerpc: Fix fatal SLB miss when restoring PPR. (bnc#853465) - powerpc: Make function that parses RTAS error logs global. (bnc#852761) - powerpc/pseries: Parse and handle EPOW interrupts. (bnc#852761) - powerpc/rtas_flash: Fix validate_flash buffer overflow issue. (bnc#847842) - powerpc/rtas_flash: Fix bad memory access. (bnc#847842) - x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus. (bnc#770541) - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error. (bnc#843654) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - x86/PCI: reduce severity of host bridge window conflict warnings. (bnc#858534) - ipv6: fix race condition regarding dst->expires and dst->from. (bnc#843185) - netback: bump tx queue length. (bnc#849404) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - fs: Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk. (bnc#850324) - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4: fix deal with autofs4_write races. (bnc#851314) - autofs4: use simple_empty() for empty directory check. (bnc#851314) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). - vfs: avoid 'attempt to access beyond end of device' warnings. (bnc#820338) - vfs: fix O_DIRECT read past end of block device. (bnc#820338) - cifs: Improve performance of browsing directories with several files. (bnc#810323) - cifs: Ensure cifs directories do not show up as files. (bnc#826602) - dm-multipath: abort all requests when failing a path. (bnc#798050) - scsi: Add 'eh_deadline' to limit SCSI EH runtime. (bnc#798050) - scsi: Allow error handling timeout to be specified. (bnc#798050) - scsi: Fixup compilation warning. (bnc#798050) - scsi: Retry failfast commands after EH. (bnc#798050) - scsi: Warn on invalid command completion. (bnc#798050) - advansys: Remove 'last_reset' references. (bnc#798050) - cleanup setting task state in scsi_error_handler(). (bnc#798050) - dc395: Move 'last_reset' into internal host structure. (bnc#798050) - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#798050) - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset. (bnc#798050) - scsi: kABI fixes. (bnc#798050) - scsi: remove check for 'resetting'. (bnc#798050) - tmscsim: Move 'last_reset' into host structure. (bnc#798050) - SCSI & usb-storage: add try_rc_10_first flag. (bnc#853428) - iscsi_target: race condition on shutdown. (bnc#850072) - libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception. (bnc#837206) - lpfc 8.3.42: Fixed issue of task management commands having a fixed timeout. (bnc#856481) - advansys: Remove 'last_reset' references. (bnc#856481) - dc395: Move 'last_reset' into internal host structure. (bnc#856481) - Add 'eh_deadline' to limit SCSI EH runtime. (bnc#856481) - remove check for 'resetting'. (bnc#856481) - tmscsim: Move 'last_reset' into host structure. (bnc#856481) - scsi_dh_rdac: Add new IBM 1813 product id to rdac devlist. (bnc#846654) - md: Change handling of save_raid_disk and metadata update during recovery. (bnc#849364) - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#856481) - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset. (bnc#856481) - crypto: unload of aes_s390 module causes kernel panic (bnc#847660, LTC#98706). - crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). - crypto: gf128mul - fix call to memset() (obvious fix). - X.509: Fix certificate gathering. (bnc#805114) - pcifront: Deal with toolstack missing 'XenbusStateClosing' state. - xencons: generalize use of add_preferred_console(). (bnc#733022, bnc#852652) - netxen: fix off by one bug in netxen_release_tx_buffer(). (bnc#845729) - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue. (bnc#852624) - igb: Fix get_fw_version function for all parts. (bnc#848317) - igb: Refactor of init_nvm_params. (bnc#848317) - r8169: check ALDPS bit and disable it if enabled for the 8168g. (bnc#845352) - qeth: request length checking in snmp ioctl (bnc#847660, LTC#99511). - bnx2x: remove false warning regarding interrupt number. (bnc#769035) - usb: Fix xHCI host issues on remote wakeup. (bnc#846989) - xhci: Limit the spurious wakeup fix only to HP machines. (bnc#833097) - Intel xhci: refactor EHCI/xHCI port switching. (bnc#840116) - xhci-hub.c: preserved kABI. (bnc#840116) - xhci: Refactor port status into a new function. (bnc#840116) - HID: multitouch: Add support for NextWindow 0340 touchscreen. (bnc#849855) - HID: multitouch: Add support for Qaunta 3027 touchscreen. (bnc#854516) - HID: multitouch: add support for Atmel 212c touchscreen. (bnc#793727) - HID: multitouch: partial support of win8 devices. (bnc#854516,bnc#793727,bnc#849855) - HID: hid-multitouch: add support for the IDEACOM 6650 chip. (bnc#854516,bnc#793727,bnc#849855) - ALSA: hda - Fix inconsistent mic-mute LED. (bnc#848864) - ALSA: hda - load EQ params into IDT codec on HP bNB13 systems. (bnc#850493) - lpfc: correct some issues with txcomplq processing. (bnc#818064) - lpfc: correct an issue with rrq processing. (bnc#818064) - block: factor out vector mergeable decision to a helper function. (bnc#769644) - block: modify __bio_add_page check to accept pages that do not start a new segment. (bnc#769644) - sd: avoid deadlocks when running under multipath. (bnc#818545) - sd: fix crash when UA received on DIF enabled device. (bnc#841445) - sg: fix blk_get_queue usage. (bnc#834808) - lpfc: Do not free original IOCB whenever ABTS fails. (bnc#806988) - lpfc: Fix kernel warning on spinlock usage. (bnc#806988) - lpfc: Fixed system panic due to midlayer abort. (bnc#806988) - qla2xxx: Add module parameter to override the default request queue size. (bnc#826756) - qla2xxx: Module parameter 'ql2xasynclogin'. (bnc#825896) - Pragmatic workaround for realtime class abuse induced latency issues. - Provide realtime priority kthread and workqueue boot options. (bnc#836718) - mlx4: allocate just enough pages instead of always 4 pages. (bnc#835186 / bnc#835074) - mlx4: allow order-0 memory allocations in RX path. (bnc#835186 / bnc#835074) - net/mlx4: use one page fragment per incoming frame. (bnc#835186 / bnc#835074) - bna: do not register ndo_set_rx_mode callback. (bnc#847261) - PCI: pciehp: Retrieve link speed after link is trained. (bnc#820102) - PCI: Separate pci_bus_read_dev_vendor_id from pci_scan_device. (bnc#820102) - PCI: pciehp: replace unconditional sleep with config space access check. (bnc#820102) - PCI: pciehp: make check_link_active more helpful. (bnc#820102) - PCI: pciehp: Add pcie_wait_link_not_active(). (bnc#820102) - PCI: pciehp: Add Disable/enable link functions. (bnc#820102) - PCI: pciehp: Disable/enable link during slot power off/on. (bnc#820102) - PCI: fix truncation of resource size to 32 bits. (bnc#843419) - hv: handle more than just WS2008 in KVP negotiation. (bnc#850640) - mei: ME hardware reset needs to be synchronized. (bnc#821619) - kabi: Restore struct irq_desc::timer_rand_state. - fs3270: unloading module does not remove device (bnc#851879, LTC#100284). - cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047). - isci: Fix a race condition in the SSP task management path. (bnc#826978) - ptp: dynamic allocation of PHC char devices. (bnc#851290) - efifb: prevent null-deref when iterating dmi_list. (bnc#848055) - dm-mpath: Fixup race condition in activate_path(). (bnc#708296) - dm-mpath: do not detach stale hardware handler. (bnc#708296) - dm-multipath: Improve logging. (bnc#708296) - scsi_dh: invoke callback if ->activate is not present. (bnc#708296) - scsi_dh: return individual errors in scsi_dh_activate(). (bnc#708296) - scsi_dh_alua: Decode EMC Clariion extended inquiry. (bnc#708296) - scsi_dh_alua: Decode HP EVA array identifier. (bnc#708296) - scsi_dh_alua: Evaluate state for all port groups. (bnc#708296) - scsi_dh_alua: Fix missing close brace in alua_check_sense. (bnc#843642) - scsi_dh_alua: Make stpg synchronous. (bnc#708296) - scsi_dh_alua: Pass buffer as function argument. (bnc#708296) - scsi_dh_alua: Re-evaluate port group states after STPG. (bnc#708296) - scsi_dh_alua: Recheck state on transitioning. (bnc#708296) - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296) - scsi_dh_alua: Use separate alua_port_group structure. (bnc#708296) - scsi_dh_alua: Allow get_alua_data() to return NULL. (bnc#839407) - scsi_dh_alua: asynchronous RTPG. (bnc#708296) - scsi_dh_alua: correctly terminate target port strings. (bnc#708296) - scsi_dh_alua: defer I/O while workqueue item is pending. (bnc#708296) - scsi_dh_alua: Do not attach to RAID or enclosure devices. (bnc#819979) - scsi_dh_alua: Do not attach to well-known LUNs. (bnc#821980) - scsi_dh_alua: fine-grained locking in alua_rtpg_work(). (bnc#708296) - scsi_dh_alua: invalid state information for 'optimized' paths. (bnc#843445) - scsi_dh_alua: move RTPG to workqueue. (bnc#708296) - scsi_dh_alua: move 'expiry' into PG structure. (bnc#708296) - scsi_dh_alua: move some sense code handling into generic code. (bnc#813245) - scsi_dh_alua: multipath failover fails with error 15. (bnc#825696) - scsi_dh_alua: parse target device id. (bnc#708296) - scsi_dh_alua: protect accesses to struct alua_port_group. (bnc#708296) - scsi_dh_alua: put sense buffer on stack. (bnc#708296) - scsi_dh_alua: reattaching device handler fails with 'Error 15'. (bnc#843429) - scsi_dh_alua: remove locking when checking state. (bnc#708296) - scsi_dh_alua: remove stale variable. (bnc#708296) - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296) - scsi_dh_alua: retry command on 'mode parameter changed' sense code. (bnc#843645) - scsi_dh_alua: simplify alua_check_sense(). (bnc#843642) - scsi_dh_alua: simplify state update. (bnc#708296) - scsi_dh_alua: use delayed_work. (bnc#708296) - scsi_dh_alua: use flag for RTPG extended header. (bnc#708296) - scsi_dh_alua: use local buffer for VPD inquiry. (bnc#708296) - scsi_dh_alua: use spin_lock_irqsave for port group. (bnc#708296) - scsi_dh_alua: defer I/O while workqueue item is pending. (bnc#708296) - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296) - scsi_dh_alua: use delayed_work. (bnc#708296) - scsi_dh_alua: move 'expiry' into PG structure. (bnc#708296) - scsi_dh: invoke callback if ->activate is not present. (bnc#708296) - scsi_dh_alua: correctly terminate target port strings. (bnc#708296) - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296) - scsi_dh_alua: protect accesses to struct alua_port_group. (bnc#708296) - scsi_dh_alua: fine-grained locking in alua_rtpg_work(). (bnc#708296) - scsi_dh_alua: use spin_lock_irqsave for port group. (bnc#708296) - scsi_dh_alua: remove locking when checking state. (bnc#708296) - scsi_dh_alua: remove stale variable. (bnc#708296) - scsi_dh: return individual errors in scsi_dh_activate(). (bnc#708296) - scsi_dh_alua: fixup misplaced brace in alua_initialize(). (bnc#858831) - drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam (bnc#831103,FATE#316109). - drm/i915: add I915_EXEC_VEBOX to i915_gem_do_execbuffer() (bnc#831103,FATE#316109). - drm/i915: add VEBOX into debugfs (bnc#831103,FATE#316109). - drm/i915: Enable vebox interrupts (bnc#831103,FATE#316109). - drm/i915: vebox interrupt get/put (bnc#831103,FATE#316109). - drm/i915: consolidate interrupt naming scheme (bnc#831103,FATE#316109). - drm/i915: Convert irq_refounct to struct (bnc#831103,FATE#316109). - drm/i915: make PM interrupt writes non-destructive (bnc#831103,FATE#316109). - drm/i915: Add PM regs to pre/post install (bnc#831103,FATE#316109). - drm/i915: Create an ivybridge_irq_preinstall (bnc#831103,FATE#316109). - drm/i915: Create a more generic pm handler for hsw+ (bnc#831103,FATE#316109). - drm/i915: Vebox ringbuffer init (bnc#831103,FATE#316109). - drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109). - drm/i915: Rename ring flush functions (bnc#831103,FATE#316109). - drm/i915: Add VECS semaphore bits (bnc#831103,FATE#316109). - drm/i915: Introduce VECS: the 4th ring (bnc#831103,FATE#316109). - drm/i915: Semaphore MBOX update generalization (bnc#831103,FATE#316109). - drm/i915: Comments for semaphore clarification (bnc#831103,FATE#316109). - drm/i915: fix gen4 digital port hotplug definitions. (bnc#850103) - drm/mgag200: Bug fix: Modified pll algorithm for EH project. (bnc#841654) - drm: do not add inferred modes for monitors that do not support them. (bnc#849809) - s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047). - s390/cio: skip broken paths (bnc#837739,LTC#97047). - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047). - s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047).
    last seen 2019-02-21
    modified 2014-02-10
    plugin id 72325
    published 2014-02-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72325
    title SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 8823 / 8827)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-2583.NASL
    description Description of changes: [3.8.13-16.2.2.el6uek] - HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17841973] {CVE-2013-2892} - HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17841968] {CVE-2013-2889} - HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17841968] {CVE-2013-2889} - KVM: Fix iommu map/unmap to handle memory slot moves (Alex Williamson) [Orabug: 17841960] {CVE-2013-4592} - ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17837997] {CVE-2013-4345} - HID: validate HID report id size (Kees Cook) [Orabug: 17841940] {CVE-2013-2888} - ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17841911] {CVE-2013-0343} - ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Hannes Frederic Sowa) [Orabug: 17841928] {CVE-2013-4387}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 71132
    published 2013-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71132
    title Oracle Linux 6 : unbreakable enterprise kernel (ELSA-2013-2583)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-1645.NASL
    description From Red Hat Security Advisory 2013:1645 : Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fifth regular update. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-4387, Important) * A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate) * A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2888, Moderate) * An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used. (CVE-2013-4345, Moderate) * It was found that the fix for CVE-2012-2375 released via RHSA-2012:1580 accidentally removed a check for small-sized result buffers. A local, unprivileged user with access to an NFSv4 mount with ACL support could use this flaw to crash the system or, potentially, escalate their privileges on the system . (CVE-2013-4591, Moderate) * A flaw was found in the way IOMMU memory mappings were handled when moving memory slots. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2013-4592, Moderate) * Heap-based buffer overflow flaws were found in the way the Zeroplus and Pantherlord/GreenAsia game controllers handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2889, CVE-2013-2892, Moderate) * Two information leak flaws were found in the logical link control (LLC) implementation in the Linux kernel. A local, unprivileged user could use these flaws to leak kernel stack memory to user space. (CVE-2012-6542, CVE-2013-3231, Low) * A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1929, Low) * Information leak flaws in the Linux kernel could allow a privileged, local user to leak kernel memory to user space. (CVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, Low) * A format string flaw was found in the Linux kernel's block layer. A privileged, local user could potentially use this flaw to escalate their privileges to kernel level (ring0). (CVE-2013-2851, Low) Red Hat would like to thank Stephan Mueller for reporting CVE-2013-4345, and Kees Cook for reporting CVE-2013-2851. This update also fixes several hundred bugs and adds enhancements. Refer to the Red Hat Enterprise Linux 6.5 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References. All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.5 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 71108
    published 2013-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71108
    title Oracle Linux 6 : Kernel (ELSA-2013-1645)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2112-1.NASL
    description Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) Dave Jones and Vince Weaver reported a flaw in the Linux kernel's perf event subsystem that allows normal users to enable function tracing. An unprivileged local user could exploit this flaw to obtain potentially sensitive information from the kernel. (CVE-2013-2930) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ability to assign a device could exploit this flaw to cause a denial of service (memory consumption). (CVE-2013-4592) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 72575
    published 2014-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72575
    title Ubuntu 12.04 LTS : linux-lts-raring vulnerabilities (USN-2112-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2014-0189-1.NASL
    description The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : CVE-2013-4587: Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050) CVE-2013-4592: Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101) CVE-2013-6367: The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051) CVE-2013-6368: The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052) CVE-2013-6376: The recalculate_apic_map function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (host OS crash) via a crafted ICR write operation in x2apic mode. (bnc#853053) CVE-2013-4483: The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321) CVE-2013-4511: Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021) CVE-2013-4514: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029) CVE-2013-4515: The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034) CVE-2013-6378: The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559) CVE-2013-6380: The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373) CVE-2013-7027: The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634) CVE-2013-6463: Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722) CVE-2013-6383: The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558) CVE-2013-4345: Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226) CVE-2013-2146: arch/x86/kernel/cpu/perf_event_intel.c in the Linux kernel before 3.8.9, when the Performance Events Subsystem is enabled, specifies an incorrect bitmask, which allows local users to cause a denial of service (general protection fault and system crash) by attempting to set a reserved bit. (bnc#825006) CVE-2013-2930: The perf_trace_event_perm function in kernel/trace/trace_event_perf.c in the Linux kernel before 3.12.2 does not properly restrict access to the perf subsystem, which allows local users to enable function tracing via a crafted application. (bnc#849362) Also the following non-security bugs have been fixed : - kernel: correct tlb flush on page table upgrade (bnc#847660, LTC#99268). - kernel: fix floating-point-control register save and restore (bnc#847660, LTC#99000). kernel: correct handling of asce-type exceptions (bnc#851879, LTC#100293). watchdog: Get rid of MODULE_ALIAS_MISCDEV statements (bnc#827767). - random: fix accounting race condition with lockless irq entropy_count update (bnc#789359). - blktrace: Send BLK_TN_PROCESS events to all running traces (bnc#838623). - printk: forcibly flush nmi ringbuffer if oops is in progress (bnc#849675). - Introduce KABI exception for cpuidle_state->disable via #ifndef __GENKSYMS__ - Honor state disabling in the cpuidle ladder governor (bnc#845378). - cpuidle: add a sysfs entry to disable specific C state for debug purpose (bnc#845378). - net: Do not enable tx-nocache-copy by default (bnc#845378). - mm: reschedule to avoid RCU stall triggering during boot of large machines (bnc#820434,bnc#852153). rtc-cmos: Add an alarm disable quirk (bnc#805740). tty/hvc_iucv: Disconnect IUCV connection when lowering DTR (bnc#839973, LTC#97595). tty/hvc_console: Add DTR/RTS callback to handle HUPCL control (bnc#839973, LTC#97595). sched: Avoid throttle_cfs_rq() racing with period_timer stopping (bnc#848336). - sched/balancing: Periodically decay max cost of idle balance (bnc#849256). - sched: Consider max cost of idle balance per sched domain (bnc#849256). - sched: Reduce overestimating rq->avg_idle (bnc#849256). - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining (bnc#848336). - sched: Fix hrtimer_cancel()/rq->lock deadlock (bnc#848336). - sched: Fix race on toggling cfs_bandwidth_used (bnc#848336). - sched: Guarantee new group-entities always have weight (bnc#848336). - sched: Use jump labels to reduce overhead when bandwidth control is inactive (bnc#848336). sched: Fix several races in CFS_BANDWIDTH (bnc#848336). futex: fix handling of read-only-mapped hugepages (VM Functionality). - futex: move user address verification up to common code (bnc#851603). - futexes: Clean up various details (bnc#851603). - futexes: Increase hash table size for better performance (bnc#851603). - futexes: Document multiprocessor ordering guarantees (bnc#851603). - futexes: Avoid taking the hb->lock if there is nothing to wake up (bnc#851603). - futexes: Fix futex_hashsize initialization (bnc#851603). mutex: Make more scalable by doing fewer atomic operations (bnc#849256). powerpc: Fix memory hotplug with sparse vmemmap (bnc#827527). - powerpc: Add System RAM to /proc/iomem (bnc#827527). - powerpc/mm: Mark Memory Resources as busy (bnc#827527). - powerpc: Fix fatal SLB miss when restoring PPR (bnc#853465). - powerpc: Make function that parses RTAS error logs global (bnc#852761). - powerpc/pseries: Parse and handle EPOW interrupts (bnc#852761). - powerpc/rtas_flash: Fix validate_flash buffer overflow issue (bnc#847842). powerpc/rtas_flash: Fix bad memory access (bnc#847842). x86: Update UV3 hub revision ID (bnc#846298 fate#314987). - x86: Remove some noise from boot log when starting cpus (bnc#770541). - x86/microcode/amd: Tone down printk(), do not treat a missing firmware file as an error (bnc#843654). - x86/dumpstack: Fix printk_address for direct addresses (bnc#845621). x86/PCI: reduce severity of host bridge window conflict warnings (bnc#858534). ipv6: fix race condition regarding dst->expires and dst->from (bnc#843185). - netback: bump tx queue length (bnc#849404). - xfrm: invalidate dst on policy insertion/deletion (bnc#842239). xfrm: prevent ipcomp scratch buffer race condition (bnc#842239). tcp: bind() fix autoselection to share ports (bnc#823618). - tcp: bind() use stronger condition for bind_conflict (bnc#823618). - tcp: ipv6: bind() use stronger condition for bind_conflict (bnc#823618). kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops (bnc#823618). macvlan: introduce IFF_MACVLAN flag and helper function (bnc#846984). - macvlan: introduce macvlan_dev_real_dev() helper function (bnc#846984). macvlan: disable LRO on lower device instead of macvlan (bnc#846984). fs: Avoid softlockup in shrink_dcache_for_umount_subtree (bnc#834473). - blkdev_max_block: make private to fs/buffer.c (bnc#820338). storage: SMI Corporation usb key added to READ_CAPACITY_10 quirk (bnc#850324). autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race (bnc#851314). - autofs4: catatonic_mode vs. notify_daemon race (bnc#851314). - autofs4: close the races around autofs4_notify_daemon() (bnc#851314). - autofs4: deal with autofs4_write/autofs4_write races (bnc#851314). - autofs4: dont clear DCACHE_NEED_AUTOMOUNT on rootless mount (bnc#851314). - autofs4: fix deal with autofs4_write races (bnc#851314). autofs4: use simple_empty() for empty directory check (bnc#851314). dlm: set zero linger time on sctp socket (bnc#787843). - SUNRPC: Fix a data corruption issue when retransmitting RPC calls (no bugzilla yet - netapp confirms problem and fix). - nfs: Change NFSv4 to not recover locks after they are lost (bnc#828236). nfs: Adapt readdirplus to application usage patterns (bnc#834708). xfs: Account log unmount transaction correctly (bnc#849950). - xfs: improve ioend error handling (bnc#846036). - xfs: reduce ioend latency (bnc#846036). - xfs: use per-filesystem I/O completion workqueues (bnc#846036). xfs: Hide additional entries in struct xfs_mount (bnc#846036 bnc#848544). Btrfs: do not BUG_ON() if we get an error walking backrefs (FATE#312888). vfs: avoid 'attempt to access beyond end of device' warnings (bnc#820338). - vfs: fix O_DIRECT read past end of block device (bnc#820338). - cifs: Improve performance of browsing directories with several files (bnc#810323). cifs: Ensure cifs directories do not show up as files (bnc#826602). dm-multipath: abort all requests when failing a path (bnc#798050). - scsi: Add 'eh_deadline' to limit SCSI EH runtime (bnc#798050). - scsi: Allow error handling timeout to be specified (bnc#798050). - scsi: Fixup compilation warning (bnc#798050). - scsi: Retry failfast commands after EH (bnc#798050). - scsi: Warn on invalid command completion (bnc#798050). - advansys: Remove 'last_reset' references (bnc#798050). - cleanup setting task state in scsi_error_handler() (bnc#798050). - dc395: Move 'last_reset' into internal host structure (bnc#798050). - dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#798050). - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#798050). - scsi: kABI fixes (bnc#798050). - scsi: remove check for 'resetting' (bnc#798050). tmscsim: Move 'last_reset' into host structure (bnc#798050). SCSI & usb-storage: add try_rc_10_first flag (bnc#853428). - iscsi_target: race condition on shutdown (bnc#850072). - libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception (bnc#837206). - lpfc 8.3.42: Fixed issue of task management commands having a fixed timeout (bnc#856481). - advansys: Remove 'last_reset' references (bnc#856481). - dc395: Move 'last_reset' into internal host structure (bnc#856481). - Add 'eh_deadline' to limit SCSI EH runtime (bnc#856481). - remove check for 'resetting' (bnc#856481). tmscsim: Move 'last_reset' into host structure (bnc#856481). scsi_dh_rdac: Add new IBM 1813 product id to rdac devlist (bnc#846654). md: Change handling of save_raid_disk and metadata update during recovery (bnc#849364). dpt_i2o: Remove DPTI_STATE_IOCTL (bnc#856481). dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset (bnc#856481). crypto: unload of aes_s390 module causes kernel panic (bnc#847660, LTC#98706). - crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). crypto: gf128mul - fix call to memset() (obvious fix). X.509: Fix certificate gathering (bnc#805114). pcifront: Deal with toolstack missing 'XenbusStateClosing' state. - xencons: generalize use of add_preferred_console() (bnc#733022, bnc#852652). - netxen: fix off by one bug in netxen_release_tx_buffer() (bnc#845729). - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). xen: fixed USB passthrough issue (bnc#852624). igb: Fix get_fw_version function for all parts (bnc#848317). - igb: Refactor of init_nvm_params (bnc#848317). - r8169: check ALDPS bit and disable it if enabled for the 8168g (bnc#845352). - qeth: request length checking in snmp ioctl (bnc#847660, LTC#99511). bnx2x: remove false warning regarding interrupt number (bnc#769035). usb: Fix xHCI host issues on remote wakeup (bnc#846989). - xhci: Limit the spurious wakeup fix only to HP machines (bnc#833097). - Intel xhci: refactor EHCI/xHCI port switching (bnc#840116). - xhci-hub.c: preserved kABI (bnc#840116). xhci: Refactor port status into a new function (bnc#840116). HID: multitouch: Add support for NextWindow 0340 touchscreen (bnc#849855). - HID: multitouch: Add support for Qaunta 3027 touchscreen (bnc#854516). - HID: multitouch: add support for Atmel 212c touchscreen (bnc#793727). - HID: multitouch: partial support of win8 devices (bnc#854516,bnc#793727,bnc#849855). HID: hid-multitouch: add support for the IDEACOM 6650 chip (bnc#854516,bnc#793727,bnc#849855). ALSA: hda - Fix inconsistent mic-mute LED (bnc#848864). ALSA: hda - load EQ params into IDT codec on HP bNB13 systems (bnc#850493). lpfc: correct some issues with txcomplq processing (bnc#818064). lpfc: correct an issue with rrq processing (bnc#818064). block: factor out vector mergeable decision to a helper function (bnc#769644). block: modify __bio_add_page check to accept pages that do not start a new segment (bnc#769644). sd: avoid deadlocks when running under multipath (bnc#818545). - sd: fix crash when UA received on DIF enabled device (bnc#841445). sg: fix blk_get_queue usage (bnc#834808). lpfc: Do not free original IOCB whenever ABTS fails (bnc#806988). - lpfc: Fix kernel warning on spinlock usage (bnc#806988). lpfc: Fixed system panic due to midlayer abort (bnc#806988). qla2xxx: Add module parameter to override the default request queue size (bnc#826756). qla2xxx: Module parameter 'ql2xasynclogin' (bnc#825896). Pragmatic workaround for realtime class abuse induced latency issues. Provide realtime priority kthread and workqueue boot options (bnc#836718). mlx4: allocate just enough pages instead of always 4 pages (bnc#835186 bnc#835074). - mlx4: allow order-0 memory allocations in RX path (bnc#835186 bnc#835074). - net/mlx4: use one page fragment per incoming frame (bnc#835186 bnc#835074). bna: do not register ndo_set_rx_mode callback (bnc#847261). PCI: pciehp: Retrieve link speed after link is trained (bnc#820102). - PCI: Separate pci_bus_read_dev_vendor_id from pci_scan_device (bnc#820102). - PCI: pciehp: replace unconditional sleep with config space access check (bnc#820102). - PCI: pciehp: make check_link_active more helpful (bnc#820102). - PCI: pciehp: Add pcie_wait_link_not_active() (bnc#820102). - PCI: pciehp: Add Disable/enable link functions (bnc#820102). - PCI: pciehp: Disable/enable link during slot power off/on (bnc#820102). PCI: fix truncation of resource size to 32 bits (bnc#843419). hv: handle more than just WS2008 in KVP negotiation (bnc#850640). mei: ME hardware reset needs to be synchronized (bnc#821619). kabi: Restore struct irq_desc::timer_rand_state. fs3270: unloading module does not remove device (bnc#851879, LTC#100284). cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047). isci: Fix a race condition in the SSP task management path (bnc#826978). ptp: dynamic allocation of PHC char devices (bnc#851290). efifb: prevent null-deref when iterating dmi_list (bnc#848055). dm-mpath: Fixup race condition in activate_path() (bnc#708296). - dm-mpath: do not detach stale hardware handler (bnc#708296). dm-multipath: Improve logging (bnc#708296). scsi_dh: invoke callback if ->activate is not present (bnc#708296). - scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296). - scsi_dh_alua: Decode EMC Clariion extended inquiry (bnc#708296). - scsi_dh_alua: Decode HP EVA array identifier (bnc#708296). - scsi_dh_alua: Evaluate state for all port groups (bnc#708296). - scsi_dh_alua: Fix missing close brace in alua_check_sense (bnc#843642). - scsi_dh_alua: Make stpg synchronous (bnc#708296). - scsi_dh_alua: Pass buffer as function argument (bnc#708296). - scsi_dh_alua: Re-evaluate port group states after STPG (bnc#708296). - scsi_dh_alua: Recheck state on transitioning (bnc#708296). - scsi_dh_alua: Rework rtpg workqueue (bnc#708296). - scsi_dh_alua: Use separate alua_port_group structure (bnc#708296). - scsi_dh_alua: Allow get_alua_data() to return NULL (bnc#839407). - scsi_dh_alua: asynchronous RTPG (bnc#708296). - scsi_dh_alua: correctly terminate target port strings (bnc#708296). - scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296). - scsi_dh_alua: Do not attach to RAID or enclosure devices (bnc#819979). - scsi_dh_alua: Do not attach to well-known LUNs (bnc#821980). - scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296). - scsi_dh_alua: invalid state information for 'optimized' paths (bnc#843445). - scsi_dh_alua: move RTPG to workqueue (bnc#708296). - scsi_dh_alua: move 'expiry' into PG structure (bnc#708296). - scsi_dh_alua: move some sense code handling into generic code (bnc#813245). - scsi_dh_alua: multipath failover fails with error 15 (bnc#825696). - scsi_dh_alua: parse target device id (bnc#708296). - scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296). - scsi_dh_alua: put sense buffer on stack (bnc#708296). - scsi_dh_alua: reattaching device handler fails with 'Error 15' (bnc#843429). - scsi_dh_alua: remove locking when checking state (bnc#708296). - scsi_dh_alua: remove stale variable (bnc#708296). - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296). - scsi_dh_alua: retry command on 'mode parameter changed' sense code (bnc#843645). - scsi_dh_alua: simplify alua_check_sense() (bnc#843642). - scsi_dh_alua: simplify state update (bnc#708296). - scsi_dh_alua: use delayed_work (bnc#708296). - scsi_dh_alua: use flag for RTPG extended header (bnc#708296). - scsi_dh_alua: use local buffer for VPD inquiry (bnc#708296). - scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296). - scsi_dh_alua: defer I/O while workqueue item is pending (bnc#708296). - scsi_dh_alua: Rework rtpg workqueue (bnc#708296). - scsi_dh_alua: use delayed_work (bnc#708296). - scsi_dh_alua: move 'expiry' into PG structure (bnc#708296). - scsi_dh: invoke callback if ->activate is not present (bnc#708296). - scsi_dh_alua: correctly terminate target port strings (bnc#708296). - scsi_dh_alua: retry RTPG on UNIT ATTENTION (bnc#708296). - scsi_dh_alua: protect accesses to struct alua_port_group (bnc#708296). - scsi_dh_alua: fine-grained locking in alua_rtpg_work() (bnc#708296). - scsi_dh_alua: use spin_lock_irqsave for port group (bnc#708296). - scsi_dh_alua: remove locking when checking state (bnc#708296). - scsi_dh_alua: remove stale variable (bnc#708296). - scsi_dh: return individual errors in scsi_dh_activate() (bnc#708296). scsi_dh_alua: fixup misplaced brace in alua_initialize() (bnc#858831). drm/i915: add I915_PARAM_HAS_VEBOX to i915_getparam (bnc#831103,FATE#316109). - drm/i915: add I915_EXEC_VEBOX to i915_gem_do_execbuffer() (bnc#831103,FATE#316109). - drm/i915: add VEBOX into debugfs (bnc#831103,FATE#316109). - drm/i915: Enable vebox interrupts (bnc#831103,FATE#316109). - drm/i915: vebox interrupt get/put (bnc#831103,FATE#316109). - drm/i915: consolidate interrupt naming scheme (bnc#831103,FATE#316109). - drm/i915: Convert irq_refounct to struct (bnc#831103,FATE#316109). - drm/i915: make PM interrupt writes non-destructive (bnc#831103,FATE#316109). - drm/i915: Add PM regs to pre/post install (bnc#831103,FATE#316109). - drm/i915: Create an ivybridge_irq_preinstall (bnc#831103,FATE#316109). - drm/i915: Create a more generic pm handler for hsw+ (bnc#831103,FATE#316109). - drm/i915: Vebox ringbuffer init (bnc#831103,FATE#316109). - drm/i915: add HAS_VEBOX (bnc#831103,FATE#316109). - drm/i915: Rename ring flush functions (bnc#831103,FATE#316109). - drm/i915: Add VECS semaphore bits (bnc#831103,FATE#316109). - drm/i915: Introduce VECS: the 4th ring (bnc#831103,FATE#316109). - drm/i915: Semaphore MBOX update generalization (bnc#831103,FATE#316109). - drm/i915: Comments for semaphore clarification (bnc#831103,FATE#316109). - drm/i915: fix gen4 digital port hotplug definitions (bnc#850103). - drm/mgag200: Bug fix: Modified pll algorithm for EH project (bnc#841654). drm: do not add inferred modes for monitors that do not support them (bnc #849809). s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047). - s390/cio: skip broken paths (bnc#837739,LTC#97047). - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047). - s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-31
    plugin id 83609
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83609
    title SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2014:0189-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-2584.NASL
    description Description of changes: [2.6.39-400.211.2.el6uek] - fs/compat_ioctl.c: VIDEO_SET_SPU_PALETTE missing error check (Kees Cook) [Orabug: 17842208] {CVE-2013-1928} - Bluetooth: RFCOMM - Fix info leak via getsockname() (Mathias Krause) [Orabug: 17842129] {CVE-2012-6545} - Bluetooth: RFCOMM - Fix info leak in ioctl(RFCOMMGETDEVLIST) (Mathias Krause) [Orabug: 17842105] {CVE-2012-6545} - llc: Fix missing msg_namelen update in llc_ui_recvmsg() (Mathias Krause) [Orabug: 17842095] {CVE-2013-3231} - HID: pantherlord: validate output report details (Kees Cook) [Orabug: 17842084] {CVE-2013-2892} - HID: zeroplus: validate output report details (Kees Cook) [Orabug: 17842081] {CVE-2013-2889} - HID: provide a helper for validating hid reports (Kees Cook) [Orabug: 17842081] {CVE-2013-2889} - KVM: Fix iommu map/unmap to handle memory slot moves (Jerry Snitselaar) [Orabug: 17842075] {CVE-2013-4592} - ansi_cprng: Fix off by one error in non-block size request (Jerry Snitselaar) [Orabug: 17842072] {CVE-2013-4345} - HID: validate HID report id size (Kees Cook) [Orabug: 17842063] {CVE-2013-2888} - ipv6: remove max_addresses check from ipv6_create_tempaddr (Hannes Frederic Sowa) [Orabug: 17842056] {CVE-2013-0343} - ipv6: udp packets following an UFO enqueued packet need also be handled by UFO (Hannes Frederic Sowa) [Orabug: 17842050] {CVE-2013-4387}
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 71133
    published 2013-11-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71133
    title Oracle Linux 5 / 6 : unbreakable enterprise kernel (ELSA-2013-2584)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-1645.NASL
    description Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 6. This is the fifth regular update. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. This update fixes the following security issues : * A flaw was found in the way the Linux kernel's IPv6 implementation handled certain UDP packets when the UDP Fragmentation Offload (UFO) feature was enabled. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-4387, Important) * A flaw was found in the way the Linux kernel handled the creation of temporary IPv6 addresses. If the IPv6 privacy extension was enabled (/proc/sys/net/ipv6/conf/eth0/use_tempaddr set to '2'), an attacker on the local network could disable IPv6 temporary address generation, leading to a potential information disclosure. (CVE-2013-0343, Moderate) * A flaw was found in the way the Linux kernel handled HID (Human Interface Device) reports with an out-of-bounds Report ID. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2888, Moderate) * An off-by-one flaw was found in the way the ANSI CPRNG implementation in the Linux kernel processed non-block size aligned requests. This could lead to random numbers being generated with less bits of entropy than expected when ANSI CPRNG was used. (CVE-2013-4345, Moderate) * It was found that the fix for CVE-2012-2375 released via RHSA-2012:1580 accidentally removed a check for small-sized result buffers. A local, unprivileged user with access to an NFSv4 mount with ACL support could use this flaw to crash the system or, potentially, escalate their privileges on the system . (CVE-2013-4591, Moderate) * A flaw was found in the way IOMMU memory mappings were handled when moving memory slots. A malicious user on a KVM host who has the ability to assign a device to a guest could use this flaw to crash the host. (CVE-2013-4592, Moderate) * Heap-based buffer overflow flaws were found in the way the Zeroplus and Pantherlord/GreenAsia game controllers handled HID reports. An attacker with physical access to the system could use these flaws to crash the system or, potentially, escalate their privileges on the system. (CVE-2013-2889, CVE-2013-2892, Moderate) * Two information leak flaws were found in the logical link control (LLC) implementation in the Linux kernel. A local, unprivileged user could use these flaws to leak kernel stack memory to user space. (CVE-2012-6542, CVE-2013-3231, Low) * A heap-based buffer overflow in the way the tg3 Ethernet driver parsed the vital product data (VPD) of devices could allow an attacker with physical access to a system to cause a denial of service or, potentially, escalate their privileges. (CVE-2013-1929, Low) * Information leak flaws in the Linux kernel could allow a privileged, local user to leak kernel memory to user space. (CVE-2012-6545, CVE-2013-1928, CVE-2013-2164, CVE-2013-2234, Low) * A format string flaw was found in the Linux kernel's block layer. A privileged, local user could potentially use this flaw to escalate their privileges to kernel level (ring0). (CVE-2013-2851, Low) Red Hat would like to thank Stephan Mueller for reporting CVE-2013-4345, and Kees Cook for reporting CVE-2013-2851. This update also fixes several hundred bugs and adds enhancements. Refer to the Red Hat Enterprise Linux 6.5 Release Notes for information on the most significant of these changes, and the Technical Notes for further information, both linked to in the References. All Red Hat Enterprise Linux 6 users are advised to install these updated packages, which correct these issues, and fix the bugs and add the enhancements noted in the Red Hat Enterprise Linux 6.5 Release Notes and Technical Notes. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 71013
    published 2013-11-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71013
    title RHEL 6 : kernel (RHSA-2013:1645)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-140116.NASL
    description The SUSE Linux Enterprise 11 Service Pack 2 kernel was updated to 3.0.101 and also includes various other bug and security fixes. A new feature was added : - supported.conf: marked net/netfilter/xt_set as supported (bnc#851066)(fate#313309) The following security bugs have been fixed : - Array index error in the kvm_vm_ioctl_create_vcpu function in virt/kvm/kvm_main.c in the KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges via a large id value. (bnc#853050). (CVE-2013-4587) - The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address. (bnc#853052). (CVE-2013-6368) - The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value. (bnc#853051). (CVE-2013-6367) - Memory leak in the __kvm_set_memory_region function in virt/kvm/kvm_main.c in the Linux kernel before 3.9 allows local users to cause a denial of service (memory consumption) by leveraging certain device access to trigger movement of memory slots. (bnc#851101). (CVE-2013-4592) - The lbs_debugfs_write function in drivers/net/wireless/libertas/debugfs.c in the Linux kernel through 3.12.1 allows local users to cause a denial of service (OOPS) by leveraging root privileges for a zero-length write operation. (bnc#852559). (CVE-2013-6378) - Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions. (bnc#849029). (CVE-2013-4514) - The bcm_char_ioctl function in drivers/staging/bcm/Bcmchar.c in the Linux kernel before 3.12 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory via an IOCTL_BCM_GET_DEVICE_DRIVER_INFO ioctl call. (bnc#849034). (CVE-2013-4515) - The ieee80211_radiotap_iterator_init function in net/wireless/radiotap.c in the Linux kernel before 3.11.7 does not check whether a frame contains any data outside of the header, which might allow attackers to cause a denial of service (buffer over-read) via a crafted header. (bnc#854634). (CVE-2013-7027) - The ipc_rcu_putref function in ipc/util.c in the Linux kernel before 3.10 does not properly manage a reference count, which allows local users to cause a denial of service (memory consumption or system crash) via a crafted application. (bnc#848321). (CVE-2013-4483) - Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c. (bnc#849021). (CVE-2013-4511) - The aac_send_raw_srb function in drivers/scsi/aacraid/commctrl.c in the Linux kernel through 3.12.1 does not properly validate a certain size value, which allows local users to cause a denial of service (invalid pointer dereference) or possibly have unspecified other impact via an FSACTL_SEND_RAW_SRB ioctl call that triggers a crafted SRB command. (bnc#852373). (CVE-2013-6380) - Linux kernel built with the networking support(CONFIG_NET) is vulnerable to an information leakage flaw in the socket layer. It could occur while doing recvmsg(2), recvfrom(2) socket calls. It occurs due to improperly initialised msg_name & msg_namelen message header parameters. (bnc#854722). (CVE-2013-6463) - The aac_compat_ioctl function in drivers/scsi/aacraid/linit.c in the Linux kernel before 3.11.8 does not require the CAP_SYS_RAWIO capability, which allows local users to bypass intended access restrictions via a crafted ioctl call. (bnc#852558). (CVE-2013-6383) - Off-by-one error in the get_prng_bytes function in crypto/ansi_cprng.c in the Linux kernel through 3.11.4 makes it easier for context-dependent attackers to defeat cryptographic protection mechanisms via multiple requests for small amounts of data, leading to improper management of the state of the consumed data. (bnc#840226). (CVE-2013-4345) Also the following non-security bugs have been fixed : - kabi: protect bind_conflict callback in struct inet_connection_sock_af_ops. (bnc#823618) - printk: forcibly flush nmi ringbuffer if oops is in progress. (bnc#849675) - blktrace: Send BLK_TN_PROCESS events to all running traces. (bnc#838623) - x86/dumpstack: Fix printk_address for direct addresses. (bnc#845621) - futex: fix handling of read-only-mapped hugepages (VM Functionality). - random: fix accounting race condition with lockless irq entropy_count update. (bnc#789359) - Provide realtime priority kthread and workqueue boot options. (bnc#836718) - sched: Fix several races in CFS_BANDWIDTH. (bnc#848336) - sched: Fix cfs_bandwidth misuse of hrtimer_expires_remaining. (bnc#848336) - sched: Fix hrtimer_cancel()/rq->lock deadlock. (bnc#848336) - sched: Fix race on toggling cfs_bandwidth_used. (bnc#848336) - sched: Fix buglet in return_cfs_rq_runtime(). - sched: Guarantee new group-entities always have weight. (bnc#848336) - sched: Use jump labels to reduce overhead when bandwidth control is inactive. (bnc#848336) - watchdog: Get rid of MODULE_ALIAS_MISCDEV statements. (bnc#827767) - tcp: bind() fix autoselection to share ports. (bnc#823618) - tcp: bind() use stronger condition for bind_conflict. (bnc#823618) - tcp: ipv6: bind() use stronger condition for bind_conflict. (bnc#823618) - macvlan: disable LRO on lower device instead of macvlan. (bnc#846984) - macvlan: introduce IFF_MACVLAN flag and helper function. (bnc#846984) - macvlan: introduce macvlan_dev_real_dev() helper function. (bnc#846984) - xen: netback: bump tx queue length. (bnc#849404) - xen: xen_spin_kick fixed crash/lock release (bnc#807434)(bnc#848652). - xen: fixed USB passthrough issue. (bnc#852624) - netxen: fix off by one bug in netxen_release_tx_buffer(). (bnc#845729) - xfrm: invalidate dst on policy insertion/deletion. (bnc#842239) - xfrm: prevent ipcomp scratch buffer race condition. (bnc#842239) - crypto: Fix aes-xts parameter corruption (bnc#854546, LTC#100718). - crypto: gf128mul - fix call to memset() (obvious fix). - autofs4: autofs4_wait() vs. autofs4_catatonic_mode() race. (bnc#851314) - autofs4: catatonic_mode vs. notify_daemon race. (bnc#851314) - autofs4: close the races around autofs4_notify_daemon(). (bnc#851314) - autofs4: deal with autofs4_write/autofs4_write races. (bnc#851314) - autofs4 - dont clear DCACHE_NEED_AUTOMOUNT on rootless mount. (bnc#851314) - autofs4 - fix deal with autofs4_write races. (bnc#851314) - autofs4 - use simple_empty() for empty directory check. (bnc#851314) - blkdev_max_block: make private to fs/buffer.c. (bnc#820338) - Avoid softlockup in shrink_dcache_for_umount_subtree. (bnc#834473) - dlm: set zero linger time on sctp socket. (bnc#787843) - SUNRPC: Fix a data corruption issue when retransmitting RPC calls. (bnc#855037) - nfs: Change NFSv4 to not recover locks after they are lost. (bnc#828236) - nfs: Adapt readdirplus to application usage patterns. (bnc#834708) - xfs: Account log unmount transaction correctly. (bnc#849950) - xfs: improve ioend error handling. (bnc#846036) - xfs: reduce ioend latency. (bnc#846036) - xfs: use per-filesystem I/O completion workqueues. (bnc#846036) - xfs: Hide additional entries in struct xfs_mount. (bnc#846036 / bnc#848544) - vfs: avoid 'attempt to access beyond end of device' warnings. (bnc#820338) - vfs: fix O_DIRECT read past end of block device. (bnc#820338) - cifs: Improve performance of browsing directories with several files. (bnc#810323) - cifs: Ensure cifs directories do not show up as files. (bnc#826602) - sd: avoid deadlocks when running under multipath. (bnc#818545) - sd: fix crash when UA received on DIF enabled device. (bnc#841445) - sg: fix blk_get_queue usage. (bnc#834808) - block: factor out vector mergeable decision to a helper function. (bnc#769644) - block: modify __bio_add_page check to accept pages that do not start a new segment. (bnc#769644) - dm-multipath: abort all requests when failing a path. (bnc#798050) - scsi: Add 'eh_deadline' to limit SCSI EH runtime. (bnc#798050) - scsi: Allow error handling timeout to be specified. (bnc#798050) - scsi: Fixup compilation warning. (bnc#798050) - scsi: Retry failfast commands after EH. (bnc#798050) - scsi: Warn on invalid command completion. (bnc#798050) - scsi: kABI fixes. (bnc#798050) - scsi: remove check for 'resetting'. (bnc#798050) - advansys: Remove 'last_reset' references. (bnc#798050) - cleanup setting task state in scsi_error_handler(). (bnc#798050) - dc395: Move 'last_reset' into internal host structure. (bnc#798050) - dpt_i2o: Remove DPTI_STATE_IOCTL. (bnc#798050) - dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset. (bnc#798050) - tmscsim: Move 'last_reset' into host structure. (bnc#798050) - scsi_dh: invoke callback if ->activate is not present. (bnc#708296) - scsi_dh: return individual errors in scsi_dh_activate(). (bnc#708296) - scsi_dh_alua: Decode EMC Clariion extended inquiry. (bnc#708296) - scsi_dh_alua: Decode HP EVA array identifier. (bnc#708296) - scsi_dh_alua: Evaluate state for all port groups. (bnc#708296) - scsi_dh_alua: Fix missing close brace in alua_check_sense. (bnc#843642) - scsi_dh_alua: Make stpg synchronous. (bnc#708296) - scsi_dh_alua: Pass buffer as function argument. (bnc#708296) - scsi_dh_alua: Re-evaluate port group states after STPG. (bnc#708296) - scsi_dh_alua: Recheck state on transitioning. (bnc#708296) - scsi_dh_alua: Rework rtpg workqueue. (bnc#708296) - scsi_dh_alua: Use separate alua_port_group structure. (bnc#708296) - scsi_dh_alua: Allow get_alua_data() to return NULL. (bnc#839407) - scsi_dh_alua: asynchronous RTPG. (bnc#708296) - scsi_dh_alua: correctly terminate target port strings. (bnc#708296) - scsi_dh_alua: defer I/O while workqueue item is pending. (bnc#708296) - scsi_dh_alua: Do not attach to RAID or enclosure devices. (bnc#819979) - scsi_dh_alua: Do not attach to well-known LUNs. (bnc#821980) - scsi_dh_alua: fine-grained locking in alua_rtpg_work(). (bnc#708296) - scsi_dh_alua: invalid state information for 'optimized' paths. (bnc#843445) - scsi_dh_alua: move RTPG to workqueue. (bnc#708296) - scsi_dh_alua: move 'expiry' into PG structure. (bnc#708296) - scsi_dh_alua: move some sense code handling into generic code. (bnc#813245) - scsi_dh_alua: multipath failover fails with error 15. (bnc#825696) - scsi_dh_alua: parse target device id. (bnc#708296) - scsi_dh_alua: protect accesses to struct alua_port_group. (bnc#708296) - scsi_dh_alua: put sense buffer on stack. (bnc#708296) - scsi_dh_alua: reattaching device handler fails with 'Error 15'. (bnc#843429) - scsi_dh_alua: remove locking when checking state. (bnc#708296) - scsi_dh_alua: remove stale variable. (bnc#708296) - scsi_dh_alua: retry RTPG on UNIT ATTENTION. (bnc#708296) - scsi_dh_alua: retry command on 'mode parameter changed' sense code. (bnc#843645) - scsi_dh_alua: simplify alua_check_sense(). (bnc#843642) - scsi_dh_alua: simplify state update. (bnc#708296) - scsi_dh_alua: use delayed_work. (bnc#708296) - scsi_dh_alua: use flag for RTPG extended header. (bnc#708296) - scsi_dh_alua: use local buffer for VPD inquiry. (bnc#708296) - scsi_dh_alua: use spin_lock_irqsave for port group. (bnc#708296) - lpfc: Do not free original IOCB whenever ABTS fails. (bnc#806988) - lpfc: Fix kernel warning on spinlock usage. (bnc#806988) - lpfc: Fixed system panic due to midlayer abort. (bnc#806988) - qla2xxx: Add module parameter to override the default request queue size. (bnc#826756) - qla2xxx: Module parameter 'ql2xasynclogin'. (bnc#825896) - bna: do not register ndo_set_rx_mode callback. (bnc#847261) - hv: handle more than just WS2008 in KVP negotiation. (bnc#850640) - drm: do not add inferred modes for monitors that do not support them. (bnc#849809) - pci/quirks: Modify reset method for Chelsio T4. (bnc#831168) - pci: fix truncation of resource size to 32 bits. (bnc#843419) - pci: pciehp: Retrieve link speed after link is trained. (bnc#820102) - pci: Separate pci_bus_read_dev_vendor_id from pci_scan_device. (bnc#820102) - pci: pciehp: replace unconditional sleep with config space access check. (bnc#820102) - pci: pciehp: make check_link_active more helpful. (bnc#820102) - pci: pciehp: Add pcie_wait_link_not_active(). (bnc#820102) - pci: pciehp: Add Disable/enable link functions. (bnc#820102) - pci: pciehp: Disable/enable link during slot power off/on. (bnc#820102) - mlx4: allocate just enough pages instead of always 4 pages. (bnc#835186 / bnc#835074) - mlx4: allow order-0 memory allocations in RX path. (bnc#835186 / bnc#835074) - net/mlx4: use one page fragment per incoming frame. (bnc#835186 / bnc#835074) - qeth: request length checking in snmp ioctl (bnc#849848, LTC#99511). - cio: add message for timeouts on internal I/O (bnc#837739,LTC#97047). - s390/cio: dont abort verification after missing irq (bnc#837739,LTC#97047). - s390/cio: skip broken paths (bnc#837739,LTC#97047). - s390/cio: export vpm via sysfs (bnc#837739,LTC#97047). - s390/cio: handle unknown pgroup state (bnc#837739,LTC#97047).
    last seen 2019-02-21
    modified 2014-02-10
    plugin id 72163
    published 2014-01-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72163
    title SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 8779 / 8791 / 8792)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2066-1.NASL
    description A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. (CVE-2013-4299) Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged local user could exploit this flaw to cause a denial of service (system crash) or possibly gain administrative privileges. (CVE-2013-4470) Multiple integer overflow flaws were discovered in the Alchemy LCD frame- buffer drivers in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges. (CVE-2013-4511) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's driver for Agere Systems HERMES II Wireless PC Cards. A local user with the CAP_NET_ADMIN capability could exploit this flaw to cause a denial of service or possibly gain administrative priviliges. (CVE-2013-4514) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's driver for Beceem WIMAX chipset based devices. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-4515) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ability to assign a device could exploit this flaw to cause a denial of service (memory consumption). (CVE-2013-4592) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378) A flaw was discovered in the Linux kernel's compat ioctls for Adaptec AACRAID scsi raid devices. An unprivileged local user could send administrative commands to these devices potentially compromising the data stored on the device. (CVE-2013-6383) Nico Golde reported a flaw in the Linux kernel's userspace IO (uio) driver. A local user could exploit this flaw to cause a denial of service (memory corruption) or possibly gain privileges. (CVE-2013-6763) Evan Huus reported a buffer overflow in the Linux kernel's radiotap header parsing. A remote attacker could cause a denial of service (buffer over- read) via a specially crafted header. (CVE-2013-7027). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 71793
    published 2014-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=71793
    title Ubuntu 12.04 LTS : linux vulnerabilities (USN-2066-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-3002.NASL
    description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 72472
    published 2014-02-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72472
    title Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2014-3002)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0057.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99163
    published 2017-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99163
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2111-1.NASL
    description Vasily Kulikov reported a flaw in the Linux kernel's implementation of ptrace. An unprivileged local user could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2013-2929) A flaw in the handling of memory regions of the kernel virtual machine (KVM) subsystem was discovered. A local user with the ability to assign a device could exploit this flaw to cause a denial of service (memory consumption). (CVE-2013-4592) Nico Golde and Fabian Yamaguchi reported a flaw in the Linux kernel's debugfs filesystem. An administrative local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2013-6378) Nico Golde and Fabian Yamaguchi reported a flaw in the driver for Adaptec AACRAID scsi raid devices in the Linux kernel. A local user could use this flaw to cause a denial of service or possibly other unspecified impact. (CVE-2013-6380). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 72574
    published 2014-02-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=72574
    title Ubuntu 12.04 LTS : linux-lts-quantal vulnerabilities (USN-2111-1)
redhat via4
advisories
bugzilla
id 1031702
title CVE-2013-4592 kernel: kvm: memory leak when memory slot is moved with assigned device
oval
AND
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhsa:tst:20100842001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhsa:tst:20100842002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhsa:tst:20100842003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhsa:tst:20100842004
  • OR
    • AND
      • comment kernel is earlier than 0:2.6.32-431.el6
        oval oval:com.redhat.rhsa:tst:20131645005
      • comment kernel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842006
    • AND
      • comment kernel-abi-whitelists is earlier than 0:2.6.32-431.el6
        oval oval:com.redhat.rhsa:tst:20131645027
      • comment kernel-abi-whitelists is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20131645028
    • AND
      • comment kernel-bootwrapper is earlier than 0:2.6.32-431.el6
        oval oval:com.redhat.rhsa:tst:20131645009
      • comment kernel-bootwrapper is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842010
    • AND
      • comment kernel-debug is earlier than 0:2.6.32-431.el6
        oval oval:com.redhat.rhsa:tst:20131645019
      • comment kernel-debug is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842012
    • AND
      • comment kernel-debug-devel is earlier than 0:2.6.32-431.el6
        oval oval:com.redhat.rhsa:tst:20131645013
      • comment kernel-debug-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842014
    • AND
      • comment kernel-devel is earlier than 0:2.6.32-431.el6
        oval oval:com.redhat.rhsa:tst:20131645011
      • comment kernel-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842016
    • AND
      • comment kernel-doc is earlier than 0:2.6.32-431.el6
        oval oval:com.redhat.rhsa:tst:20131645029
      • comment kernel-doc is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842024
    • AND
      • comment kernel-firmware is earlier than 0:2.6.32-431.el6
        oval oval:com.redhat.rhsa:tst:20131645025
      • comment kernel-firmware is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842026
    • AND
      • comment kernel-headers is earlier than 0:2.6.32-431.el6
        oval oval:com.redhat.rhsa:tst:20131645007
      • comment kernel-headers is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842008
    • AND
      • comment kernel-kdump is earlier than 0:2.6.32-431.el6
        oval oval:com.redhat.rhsa:tst:20131645021
      • comment kernel-kdump is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842018
    • AND
      • comment kernel-kdump-devel is earlier than 0:2.6.32-431.el6
        oval oval:com.redhat.rhsa:tst:20131645023
      • comment kernel-kdump-devel is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842020
    • AND
      • comment perf is earlier than 0:2.6.32-431.el6
        oval oval:com.redhat.rhsa:tst:20131645015
      • comment perf is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20100842022
    • AND
      • comment python-perf is earlier than 0:2.6.32-431.el6
        oval oval:com.redhat.rhsa:tst:20131645017
      • comment python-perf is signed with Red Hat redhatrelease2 key
        oval oval:com.redhat.rhsa:tst:20111530020
rhsa
id RHSA-2013:1645
released 2013-11-21
severity Important
title RHSA-2013:1645: Red Hat Enterprise Linux 6 kernel update (Important)
rpms
  • kernel-0:2.6.32-431.el6
  • kernel-abi-whitelists-0:2.6.32-431.el6
  • kernel-bootwrapper-0:2.6.32-431.el6
  • kernel-debug-0:2.6.32-431.el6
  • kernel-debug-devel-0:2.6.32-431.el6
  • kernel-devel-0:2.6.32-431.el6
  • kernel-doc-0:2.6.32-431.el6
  • kernel-firmware-0:2.6.32-431.el6
  • kernel-headers-0:2.6.32-431.el6
  • kernel-kdump-0:2.6.32-431.el6
  • kernel-kdump-devel-0:2.6.32-431.el6
  • perf-0:2.6.32-431.el6
  • python-perf-0:2.6.32-431.el6
refmap via4
confirm
mlist [oss-security] 20131118 CVE-2013-4592 -- Linux kernel: kvm: memory leak when memory slot is moved with assigned device
suse openSUSE-SU-2014:0247
ubuntu
  • USN-2066-1
  • USN-2067-1
  • USN-2111-1
  • USN-2112-1
  • USN-2114-1
  • USN-2115-1
  • USN-2116-1
Last major update 05-03-2014 - 23:47
Published 20-11-2013 - 08:19
Back to Top