ID CVE-2014-5471
Summary Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry.
References
Vulnerable Configurations
  • Linux Kernel 3.16.1
    cpe:2.3:o:linux:linux_kernel:3.16.1
  • Linux Kernel 3.16.0
    cpe:2.3:o:linux:linux_kernel:3.16.0
CVSS
Base: 4.0 (as of 02-09-2014 - 14:57)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE COMPLETE
nessus via4
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-1272.NASL
    description The remote Oracle Linux host is missing a security update for one or more kernel-related packages.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 85097
    published 2015-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=85097
    title Oracle Linux 6 : kernel (ELSA-2015-1272)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2356-1.NASL
    description Jack Morgenstein reported a flaw in the page handling of the KVM (Kerenl Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. (CVE-2014-3601) Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). (CVE-2014-5471) Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). (CVE-2014-5472). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 77819
    published 2014-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77819
    title Ubuntu 12.04 LTS : linux vulnerabilities (USN-2356-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-103.NASL
    description This security upload has been prepared in cooperation of the Debian Kernel, Security and LTS Teams and features the upstream stable release 2.6.32.64 (see https://lkml.org/lkml/2014/11/23/181 for more information for that). It fixes the CVEs described below. Note: if you are using the openvz flavors, please consider three things: a.) we haven't got any feedback on them (while we have for all other flavors) b.) so do your test before deploying them and c.) once you have done so, please give feedback to debian-lts@lists.debian.org. If you are not using openvz flavors, please still consider b+c :-) CVE-2012-6657 Fix the sock_setsockopt function to prevent local users from being able to cause a denial of service (system crash) attack. CVE-2013-0228 Fix a XEN priviledge escalation, which allowed guest OS users to gain guest OS priviledges. CVE-2013-7266 Fix the mISDN_sock_recvmsg function to prevent local users from obtaining sensitive information from kernel memory. CVE-2014-4157 MIPS platform: prevent local users from bypassing intended PR_SET_SECCOMP restrictions. CVE-2014-4508 Prevent local users from causing a denial of service (OOPS and system crash) when syscall auditing is enabled . CVE-2014-4653 CVE-2014-4654 CVE-2014-4655 Fix the ALSA control implementation to prevent local users from causing a denial of service attack and from obtaining sensitive information from kernel memory. CVE-2014-4943 Fix PPPoL2TP feature to prevent local users to from gaining privileges. CVE-2014-5077 Prevent remote attackers from causing a denial of service attack involving SCTP. CVE-2014-5471 CVE-2014-5472 Fix the parse_rock_ridge_inode_internal function to prevent local users from causing a denial of service attack via a crafted iso9660 images. CVE-2014-9090 Fix the do_double_fault function to prevent local users from causing a denial of service (panic) attack. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-06
    plugin id 82087
    published 2015-03-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82087
    title Debian DLA-103-1 : linux-2.6 security update
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0102.NASL
    description From Red Hat Security Advisory 2015:0102 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important) * A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service. (CVE-2014-4171, Moderate) * A NULL pointer dereference flaw was found in the way the Linux kernel's Common Internet File System (CIFS) implementation handled mounting of file system shares. A remote attacker could use this flaw to crash a client system that would mount a file system share from a malicious server. (CVE-2014-7145, Moderate) * A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system. (CVE-2014-7822, Moderate) * It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low) Red Hat would like to thank Akira Fujita of NEC for reporting the CVE-2014-7822 issue. The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat. This update also fixes the following bugs : * Previously, a kernel panic could occur if a process reading from a locked NFS file was killed and the lock was not released properly before the read operations finished. Consequently, the system crashed. The code handling file locks has been fixed, and instead of halting, the system now emits a warning about the unreleased lock. (BZ#1172266) * A race condition in the command abort handling logic of the ipr device driver could cause the kernel to panic when the driver received a response to an abort command prior to receiving other responses to the aborted command due to the support for multiple interrupts. With this update, the abort handler waits for the aborted command's responses first before completing an abort operation. (BZ#1162734) * Previously, a race condition could occur when changing a Page Table Entry (PTE) or a Page Middle Directory (PMD) to 'pte_numa' or 'pmd_numa', respectively, causing the kernel to crash. This update removes the BUG_ON() macro from the __handle_mm_fault() function, preventing the kernel panic in the aforementioned scenario. (BZ#1170662) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 81067
    published 2015-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81067
    title Oracle Linux 7 : kernel (ELSA-2015-0102)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2014-201.NASL
    description Multiple vulnerabilities has been found and corrected in the Linux kernel : The try_to_unmap_cluster function in mm/rmap.c in the Linux kernel before 3.14.3 does not properly consider which pages must be locked, which allows local users to cause a denial of service (system crash) by triggering a memory-usage pattern that requires removal of page-table mappings (CVE-2014-3122). Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allow physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (CVE-2014-3181). Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel before 3.16.2 allows physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value (CVE-2014-3182). The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might allow physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (CVE-2014-3184). Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allow physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (CVE-2014-3185). Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (CVE-2014-3186). arch/s390/kernel/ptrace.c in the Linux kernel before 3.15.8 on the s390 platform does not properly restrict address-space control operations in PTRACE_POKEUSR_AREA requests, which allows local users to obtain read and write access to kernel memory locations, and consequently gain privileges, via a crafted application that makes a ptrace system call (CVE-2014-3534). The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (CVE-2014-3601). The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction (CVE-2014-5077). The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a mount -o remount command within a user namespace (CVE-2014-5206). Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (CVE-2014-5471). The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (CVE-2014-5472). The __udf_read_inode function in fs/udf/inode.c in the Linux kernel through 3.16.3 does not restrict the amount of ICB indirection, which allows physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode (CVE-2014-6410). The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call (CVE-2014-7975). The updated packages provides a solution for these security issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 78617
    published 2014-10-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78617
    title Mandriva Linux Security Advisory : kernel (MDVSA-2014:201)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20150128_KERNEL_ON_SL7_X.NASL
    description - A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important) - A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service. (CVE-2014-4171, Moderate) - A NULL pointer dereference flaw was found in the way the Linux kernel's Common Internet File System (CIFS) implementation handled mounting of file system shares. A remote attacker could use this flaw to crash a client system that would mount a file system share from a malicious server. (CVE-2014-7145, Moderate) - A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system. (CVE-2014-7822, Moderate) - It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low) This update also fixes the following bugs : - Previously, a kernel panic could occur if a process reading from a locked NFS file was killed and the lock was not released properly before the read operations finished. Consequently, the system crashed. The code handling file locks has been fixed, and instead of halting, the system now emits a warning about the unreleased lock. - A race condition in the command abort handling logic of the ipr device driver could cause the kernel to panic when the driver received a response to an abort command prior to receiving other responses to the aborted command due to the support for multiple interrupts. With this update, the abort handler waits for the aborted command's responses first before completing an abort operation. - Previously, a race condition could occur when changing a Page Table Entry (PTE) or a Page Middle Directory (PMD) to 'pte_numa' or 'pmd_numa', respectively, causing the kernel to crash. This update removes the BUG_ON() macro from the __handle_mm_fault() function, preventing the kernel panic in the aforementioned scenario. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 81073
    published 2015-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81073
    title Scientific Linux Security Update : kernel on SL7.x x86_64
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-3108.NASL
    description Description of changes: kernel-uek [2.6.32-400.36.13.el6uek] - net: guard tcp_set_keepalive() to tcp sockets (Eric Dumazet) [Orabug: 20224099] {CVE-2012-6657} - isofs: Fix unbounded recursion when processing relocated directories (Jan Kara) [Orabug: 20224061] {CVE-2014-5471} {CVE-2014-5472} - x86_64, traps: Stop using IST for #SS (Andy Lutomirski) [Orabug: 20224029] {CVE-2014-9090} {CVE-2014-9322}
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 80158
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80158
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3108)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0782.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.5 Extended Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-8159, Important) * A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1421, Important) * An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. (CVE-2013-2596, Important) * It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause a denial of service on the system. (CVE-2014-3690, Moderate) * It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low) * A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system. (CVE-2014-8884, Low) Red Hat would like to thank Mellanox for reporting CVE-2014-8159, and Andy Lutomirski for reporting CVE-2014-3690. The CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat. This update also fixes the following bugs : * Previously, a NULL pointer check that is needed to prevent an oops in the nfs_async_inode_return_delegation() function was removed. As a consequence, a NFS4 client could terminate unexpectedly. The missing NULL pointer check has been added back, and NFS4 client no longer crashes in this situation. (BZ#1187638) * Due to unbalanced multicast join and leave processing, the attempt to leave a multicast group that had not previously completed a join became unresponsive. This update resolves multiple locking issues in the IPoIB multicast code that allowed multicast groups to be left before the joining was entirely completed. Now, multicast join and leave failures or lockups no longer occur in the described situation. (BZ#1187663) * A failure to leave a multicast group which had previously been joined prevented the attempt to unregister from the 'sa' service. Multiple locking issues in the IPoIB multicast join and leave processing have been fixed so that leaving a group that has completed its join process is successful. As a result, attempts to unregister from the 'sa' service no longer lock up due to leaked resources. (BZ#1187665) * Due to a regression, when large reads which partially extended beyond the end of the underlying device were done, the raw driver returned the EIO error code instead of returning a short read covering the valid part of the device. The underlying source code has been patched, and the raw driver now returns a short read for the remainder of the device. (BZ#1195746) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 82636
    published 2015-04-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82636
    title RHEL 6 : kernel (RHSA-2015:0782)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0102.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important) * A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service. (CVE-2014-4171, Moderate) * A NULL pointer dereference flaw was found in the way the Linux kernel's Common Internet File System (CIFS) implementation handled mounting of file system shares. A remote attacker could use this flaw to crash a client system that would mount a file system share from a malicious server. (CVE-2014-7145, Moderate) * A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system. (CVE-2014-7822, Moderate) * It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low) Red Hat would like to thank Akira Fujita of NEC for reporting the CVE-2014-7822 issue. The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat. This update also fixes the following bugs : * Previously, a kernel panic could occur if a process reading from a locked NFS file was killed and the lock was not released properly before the read operations finished. Consequently, the system crashed. The code handling file locks has been fixed, and instead of halting, the system now emits a warning about the unreleased lock. (BZ#1172266) * A race condition in the command abort handling logic of the ipr device driver could cause the kernel to panic when the driver received a response to an abort command prior to receiving other responses to the aborted command due to the support for multiple interrupts. With this update, the abort handler waits for the aborted command's responses first before completing an abort operation. (BZ#1162734) * Previously, a race condition could occur when changing a Page Table Entry (PTE) or a Page Middle Directory (PMD) to 'pte_numa' or 'pmd_numa', respectively, causing the kernel to crash. This update removes the BUG_ON() macro from the __handle_mm_fault() function, preventing the kernel panic in the aforementioned scenario. (BZ#1170662) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 81070
    published 2015-01-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81070
    title RHEL 7 : kernel (RHSA-2015:0102)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2015-0102.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important) * A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service. (CVE-2014-4171, Moderate) * A NULL pointer dereference flaw was found in the way the Linux kernel's Common Internet File System (CIFS) implementation handled mounting of file system shares. A remote attacker could use this flaw to crash a client system that would mount a file system share from a malicious server. (CVE-2014-7145, Moderate) * A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system. (CVE-2014-7822, Moderate) * It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low) Red Hat would like to thank Akira Fujita of NEC for reporting the CVE-2014-7822 issue. The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat. This update also fixes the following bugs : * Previously, a kernel panic could occur if a process reading from a locked NFS file was killed and the lock was not released properly before the read operations finished. Consequently, the system crashed. The code handling file locks has been fixed, and instead of halting, the system now emits a warning about the unreleased lock. (BZ#1172266) * A race condition in the command abort handling logic of the ipr device driver could cause the kernel to panic when the driver received a response to an abort command prior to receiving other responses to the aborted command due to the support for multiple interrupts. With this update, the abort handler waits for the aborted command's responses first before completing an abort operation. (BZ#1162734) * Previously, a race condition could occur when changing a Page Table Entry (PTE) or a Page Middle Directory (PMD) to 'pte_numa' or 'pmd_numa', respectively, causing the kernel to crash. This update removes the BUG_ON() macro from the __handle_mm_fault() function, preventing the kernel panic in the aforementioned scenario. (BZ#1170662) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 81089
    published 2015-01-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81089
    title CentOS 7 : kernel (CESA-2015:0102)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-140924.NASL
    description The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. (bnc#882804). (CVE-2014-1739) - mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. (bnc#883518). (CVE-2014-4171) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724). (CVE-2014-4508) - The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. (bnc#885422). (CVE-2014-4667) - The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. (bnc#887082). (CVE-2014-4943) - The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. (bnc#889173). (CVE-2014-5077) - Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490). (CVE-2014-5471) - The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490). (CVE-2014-5472) - Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797). (CVE-2014-2706) - The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639). (CVE-2014-4027) - The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892). (CVE-2014-3153) - Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs have been fixed:. (CVE-2014-6410) - ACPI / PAD: call schedule() when need_resched() is true. (bnc#866911) - ACPI: Fix bug when ACPI reset register is implemented in system memory. (bnc#882900) - ACPI: Limit access to custom_method. (bnc#884333) - ALSA: hda - Enabling Realtek ALC 671 codec. (bnc#891746) - Add option to automatically enforce module signatures when in Secure Boot mode. (bnc#884333) - Add secure_modules() call. (bnc#884333) - Add wait_on_atomic_t() and wake_up_atomic_t(). (bnc#880344) - Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. - Btrfs: Return EXDEV for cross file system snapshot. - Btrfs: abort the transaction when we does not find our extent ref. - Btrfs: avoid warning bomb of btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion. - Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not check nodes for extent items. - Btrfs: fix a possible deadlock between scrub and transaction committing. - Btrfs: fix corruption after write/fsync failure + fsync + log recovery. (bnc#894200) - Btrfs: fix csum tree corruption, duplicate and outdated checksums. (bnc#891619) - Btrfs: fix double free in find_lock_delalloc_range. - Btrfs: fix possible memory leak in btrfs_create_tree(). - Btrfs: fix use of uninit 'ret' in end_extent_writepage(). - Btrfs: free delayed node outside of root->inode_lock. (bnc#866864) - Btrfs: make DEV_INFO ioctl available to anyone. - Btrfs: make FS_INFO ioctl available to anyone. - Btrfs: make device scan less noisy. - Btrfs: make sure there are not any read requests before stopping workers. - Btrfs: more efficient io tree navigation on wait_extent_bit. - Btrfs: output warning instead of error when loading free space cache failed. - Btrfs: retrieve more info from FS_INFO ioctl. - Btrfs: return EPERM when deleting a default subvolume. (bnc#869934) - Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol. (bnc#866615) - Btrfs: use right type to get real comparison. - Btrfs: wake up @scrub_pause_wait as much as we can. - Btrfs: wake up transaction thread upon remount. - CacheFiles: Add missing retrieval completions. (bnc#880344) - CacheFiles: Does not try to dump the index key if the cookie has been cleared. (bnc#880344) - CacheFiles: Downgrade the requirements passed to the allocator. (bnc#880344) - CacheFiles: Fix the marking of cached pages. (bnc#880344) - CacheFiles: Implement invalidation. (bnc#880344) - CacheFiles: Make some debugging statements conditional. (bnc#880344) - Drivers: hv: util: Fix a bug in the KVP code. (bnc#886840) - Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code. (bnc#886840) - FS-Cache: Add transition to handle invalidate immediately after lookup. (bnc#880344) - FS-Cache: Check that there are no read ops when cookie relinquished. (bnc#880344) - FS-Cache: Clear remaining page count on retrieval cancellation. (bnc#880344) - FS-Cache: Convert the object event ID #defines into an enum. (bnc#880344) - FS-Cache: Does not sleep in page release if __GFP_FS is not set. (bnc#880344) - FS-Cache: Does not use spin_is_locked() in assertions. (bnc#880344) - FS-Cache: Exclusive op submission can BUG if there is been an I/O error. (bnc#880344) - FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0. (bnc#880344) - FS-Cache: Fix object state machine to have separate work and wait states. (bnc#880344) - FS-Cache: Fix operation state management and accounting. (bnc#880344) - FS-Cache: Fix signal handling during waits. (bnc#880344) - FS-Cache: Initialise the object event mask with the calculated mask. (bnc#880344) - FS-Cache: Limit the number of I/O error reports for a cache. (bnc#880344) - FS-Cache: Make cookie relinquishment wait for outstanding reads. (bnc#880344) - FS-Cache: Mark cancellation of in-progress operation. (bnc#880344) - FS-Cache: One of the write operation paths doeses not set the object state. (bnc#880344) - FS-Cache: Provide proper invalidation. (bnc#880344) - FS-Cache: Simplify cookie retention for fscache_objects, fixing oops. (bnc#880344) - FS-Cache: The retrieval remaining-pages counter needs to be atomic_t. (bnc#880344) - FS-Cache: Uninline fscache_object_init(). (bnc#880344) - FS-Cache: Wrap checks on object state. (bnc#880344) - HID: usbhid: add always-poll quirk. (bnc#888607) - HID: usbhid: enable always-poll quirk for Elan Touchscreen. (bnc#888607) - IB/iser: Add TIMEWAIT_EXIT event handling. (bnc#890297) - Ignore 'flags' change to event_constraint. (bnc#876114) - Ignore data_src/weight changes to perf_sample_data. (bnc#876114) - NFS: Allow more operations in an NFSv4.1 request. (bnc#890513) - NFS: Clean up helper function nfs4_select_rw_stateid(). (bnc#888968) - NFS: Does not copy read delegation stateids in setattr. (bnc#888968) - NFS: Does not use a delegation to open a file when returning that delegation. (bnc#888968, bnc#892200, bnc#893596, bnc#893496) - NFS: Fixes for NFS RCU-walk support in line with code going upstream - NFS: Use FS-Cache invalidation. (bnc#880344) - NFS: allow lockless access to access_cache. (bnc#866130) - NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts. (bnc#888591) - NFS: nfs4_do_open should add negative results to the dcache. (bnc#866130) - NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page. (bnc#880344) - NFS: nfs_open_revalidate: only evaluate parent if it will be used. (bnc#866130) - NFS: prepare for RCU-walk support but pushing tests later in code. (bnc#866130) - NFS: support RCU_WALK in nfs_permission(). (bnc#866130) - NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU. (bnc#866130) - NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU. (bnc#866130) - NFSD: Does not hand out delegations for 30 seconds after recalling them. (bnc#880370) - NFSv4 set open access operation call flag in nfs4_init_opendata_res. (bnc#888968, bnc#892200, bnc#893596, bnc#893496) - NFSv4: Add a helper for encoding opaque data. (bnc#888968) - NFSv4: Add a helper for encoding stateids. (bnc#888968) - NFSv4: Add helpers for basic copying of stateids. (bnc#888968) - NFSv4: Clean up nfs4_select_rw_stateid(). (bnc#888968) - NFSv4: Fix the return value of nfs4_select_rw_stateid. (bnc#888968) - NFSv4: Rename nfs4_copy_stateid(). (bnc#888968) - NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error. (bnc#888968) - NFSv4: Simplify the struct nfs4_stateid. (bnc#888968) - NFSv4: The stateid must remain the same for replayed RPC calls. (bnc#888968) - NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid. (bnc#888968) - One more fix for kABI breakage. - PCI: Lock down BAR access when module security is enabled. (bnc#884333) - PCI: enable MPS 'performance' setting to properly handle bridge MPS. (bnc#883376) - PM / Hibernate: Add memory_rtree_find_bit function. (bnc#860441) - PM / Hibernate: Create a Radix-Tree to store memory bitmap. (bnc#860441) - PM / Hibernate: Implement position keeping in radix tree. (bnc#860441) - PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - PM / Hibernate: Remove the old memory-bitmap implementation. (bnc#860441) - PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node. (bnc#860441) - Restrict /dev/mem and /dev/kmem when module loading is restricted. (bnc#884333) - Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT. (bnc#876114) - USB: handle LPM errors during device suspend correctly. (bnc#849123) - Update kabi files to reflect fscache change. (bnc#880344) - Update x86_64 config files: re-enable SENSORS_W83627EHF. (bnc#891281) - VFS: Make more complete truncate operation available to CacheFiles. (bnc#880344) - [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). - acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted. (bnc#884333) - af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). - asus-wmi: Restrict debugfs interface when module loading is restricted. (bnc#884333) - autofs4: allow RCU-walk to walk through autofs4. (bnc#866130) - autofs4: avoid taking fs_lock during rcu-walk. (bnc#866130) - autofs4: does not take spinlock when not needed in autofs4_lookup_expiring. (bnc#866130) - autofs4: factor should_expire() out of autofs4_expire_indirect. (bnc#866130) - autofs4: make 'autofs4_can_expire' idempotent. (bnc#866130) - autofs4: remove a redundant assignment. (bnc#866130) - autofs: fix lockref lookup. (bnc#888591) - be2net: add dma_mapping_error() check for dma_map_page(). (bnc#881759) - block: add cond_resched() to potentially long running ioctl discard loop. (bnc#884725) - block: fix race between request completion and timeout handling. (bnc#881051) - cdc-ether: clean packet filter upon probe. (bnc#876017) - cpuset: Fix memory allocator deadlock. (bnc#876590) - crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. - crypto: fips - only panic on bad/missing crypto mod signatures. (bnc#887503) - crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode. (bnc#889451) - dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). - dm mpath: fix race condition between multipath_dtr and pg_init_done. (bnc#826486) - dm-mpath: fix panic on deleting sg device. (bnc#870161) - drm/ast: AST2000 cannot be detected correctly. (bnc#895983) - drm/ast: Actually load DP501 firmware when required. (bnc#895608 / bnc#871134) - drm/ast: Add missing entry to dclk_table[]. - drm/ast: Add reduced non reduced mode parsing for wide screen mode. (bnc#892723) - drm/ast: initial DP501 support (v0.2). (bnc#871134) - drm/ast: open key before detect chips. (bnc#895983) - drm/i915: Fix up cpt pixel multiplier enable sequence. (bnc#879304) - drm/i915: Only apply DPMS to the encoder if enabled. (bnc#893064) - drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init. (bnc#869055) - drm/i915: create functions for the 'unclaimed register' checks. (bnc#869055) - drm/i915: use FPGA_DBG for the 'unclaimed register' checks. (bnc#869055) - drm/mgag200: Initialize data needed to map fbdev memory. (bnc#806990) - e1000e: enable support for new device IDs. (bnc#885509) - fs/fscache: remove spin_lock() from the condition in while(). (bnc#880344) - hibernate: Disable in a signed modules environment. (bnc#884333) - hugetlb: does not use ERR_PTR with VM_FAULT* values - ibmvscsi: Abort init sequence during error recovery. (bnc#885382) - ibmvscsi: Add memory barriers for send / receive. (bnc#885382) - inet: add a redirect generation id in inetpeer. (bnc#860593) - inetpeer: initialize ->redirect_genid in inet_getpeer(). (bnc#860593) - ipv6: tcp: fix tcp_v6_conn_request(). (bnc#887645) - kabi: hide bnc#860593 changes of struct inetpeer_addr_base. (bnc#860593) - kernel: 3215 tty hang (bnc#891087, LTC#114562). - kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). - kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). - kernel: sclp console tty reference counting (bnc#891087, LTC#115466). - kexec: Disable at runtime if the kernel enforces module loading restrictions. (bnc#884333) - md/raid6: avoid data corruption during recovery of double-degraded RAID6. - memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). - memcg: do not expose uninitialized mem_cgroup_per_node to world. (bnc#883096) - mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() - mm, hugetlb: change variable name reservations to resv - mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache - mm, hugetlb: defer freeing pages when gathering surplus pages - mm, hugetlb: do not use a page in page cache for cow optimization - mm, hugetlb: fix and clean-up node iteration code to alloc or free - mm, hugetlb: fix race in region tracking - mm, hugetlb: fix subpool accounting handling - mm, hugetlb: improve page-fault scalability - mm, hugetlb: improve, cleanup resv_map parameters - mm, hugetlb: move up the code which check availability of free huge page - mm, hugetlb: protect reserved pages when soft offlining a hugepage - mm, hugetlb: remove decrement_hugepage_resv_vma() - mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() - mm, hugetlb: remove resv_map_put - mm, hugetlb: remove useless check about mapping type - mm, hugetlb: return a reserved page to a reserved pool if failed - mm, hugetlb: trivial commenting fix - mm, hugetlb: unify region structure handling - mm, hugetlb: unify region structure handling kabi - mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). - mm, hugetlb: use vma_resv_map() map types - mm, oom: fix badness score underflow. (bnc#884582, bnc#884767) - mm, oom: normalize oom scores to oom_score_adj scale only for userspace. (bnc#884582, bnc#884767) - mm, thp: do not allow thp faults to avoid cpuset restrictions. (bnc#888849) - net/mlx4_core: Load higher level modules according to ports type. (bnc#887680) - net/mlx4_core: Load the IB driver when the device supports IBoE. (bnc#887680) - net/mlx4_en: Fix a race between napi poll function and RX ring cleanup. (bnc#863586) - net/mlx4_en: Fix selftest failing on non 10G link speed. (bnc#888058) - net: fix checksumming features handling in output path. (bnc#891259) - pagecache_limit: batch large nr_to_scan targets. (bnc#895221) - pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix. (bnc#895680) - perf/core: Add weighted samples. (bnc#876114) - perf/x86: Add flags to event constraints. (bnc#876114) - perf/x86: Add memory profiling via PEBS Load Latency. (bnc#876114) - perf: Add generic memory sampling interface. (bnc#876114) - qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware. (bnc#859840) - qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning. (bnc#859840) - qla2xxx: Does not check for firmware hung during the reset context for ISP82XX. (bnc#859840) - qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive. (bnc#859840) - qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling. (bnc#859840) - qla2xxx: Set host can_queue value based on available resources. (bnc#859840) - restore smp_mb() in unlock_new_inode(). (bnc#890526) - s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). - sched: fix the theoretical signal_wake_up() vs schedule() race. (bnc#876055) - sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). - scsi_dh: use missing accessor 'scsi_device_from_queue'. (bnc#889614) - scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail. (bnc#887608) - scsiback: correct grant page unmapping. - scsiback: fix retry handling in __report_luns(). - scsiback: free resources after error. - sunrpc/auth: allow lockless (rcu) lookup of credential cache. (bnc#866130) - supported.conf: remove external from drivers/net/veth. (bnc#889727) - supported.conf: support net/sched/act_police.ko. (bnc#890426) - tcp: adapt selected parts of RFC 5682 and PRR logic. (bnc#879921) - tg3: Change nvram command timeout value to 50ms. (bnc#855657) - tg3: Override clock, link aware and link idle mode during NVRAM dump. (bnc#855657) - tg3: Set the MAC clock to the fastest speed during boot code load. (bnc#855657) - usb: Does not enable LPM if the exit latency is zero. (bnc#832309) - usbcore: Does not log on consecutive debounce failures of the same port. (bnc#888105) - usbhid: fix PIXART optical mouse. (bnc#888607) - uswsusp: Disable when module loading is restricted. (bnc#884333) - vscsi: support larger transfer sizes. (bnc#774818) - writeback: Do not sync data dirtied after sync start. (bnc#833820) - x86 thermal: Delete power-limit-notification console messages. (bnc#882317) - x86 thermal: Disable power limit notification interrupt by default. (bnc#882317) - x86 thermal: Re-enable power limit notification interrupt by default. (bnc#882317) - x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable(). (bnc#887418) - x86/UV: Add call to KGDB/KDB from NMI handler. (bnc#888847) - x86/UV: Add kdump to UV NMI handler. (bnc#888847) - x86/UV: Add summary of cpu activity to UV NMI handler. (bnc#888847) - x86/UV: Move NMI support. (bnc#888847) - x86/UV: Update UV support for external NMI signals. (bnc#888847) - x86/uv/nmi: Fix Sparse warnings. (bnc#888847) - x86: Add check for number of available vectors before CPU down. (bnc#887418) - x86: Lock down IO port access when module security is enabled. (bnc#884333) - x86: Restrict MSR access when module loading is restricted. (bnc#884333)
    last seen 2019-02-21
    modified 2018-02-15
    plugin id 78650
    published 2014-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78650
    title SuSE 11.3 Security Update : Linux kernel (SAT Patch Numbers 9746 / 9749 / 9751)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-791.NASL
    description The openSUSE 12.3 kernel was updated to fix security issues : This will be the final kernel update for openSUSE 13.2 during its lifetime, which ends January 4th 2015. CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace. CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. CVE-2014-8884: Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call. CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report. CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets. CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. CVE-2014-3182: Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value. CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. CVE-2013-7263: The Linux kernel updated certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. This update fixes the leak of the port number when using ipv6 sockets. (bsc#853040). CVE-2014-6410: The __udf_read_inode function in fs/udf/inode.c in the Linux kernel did not restrict the amount of ICB indirection, which allowed physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode. CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel allowed local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel, when SCTP authentication is enabled, allowed remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement the interaction between range notification and hole punching, which allowed local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. CVE-2013-2888, CVE-2013-2889, CVE-2013-2890, CVE-2013-2891, CVE-2013-2892, CVE-2013-2893, CVE-2013-2894, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897, CVE-2013-2898, CVE-2013-2899: Multiple issues in the Human Interface Device (HID) subsystem in the Linux kernel allowed physically proximate attackers to cause a denial of service or system crash via (heap-based out-of-bounds write) via a crafted device. (Not separately listed.) Other bugfixes : - xfs: mark all internal workqueues as freezable (bnc#899785). - target/rd: Refactor rd_build_device_space + rd_release_device_space (bnc#882639) - Enable CONFIG_ATH9K_HTC for armv7hl/omap2plus config (bnc#890624) - swiotlb: don't assume PA 0 is invalid (bnc#865882). - drm/i915: Apply alignment restrictions on scanout surfaces for VT-d (bnc#818561). - tg3: Change nvram command timeout value to 50ms (bnc#768714). - tg3: Override clock, link aware and link idle mode during NVRAM dump (bnc#768714). - tg3: Set the MAC clock to the fastest speed during boot code load (bnc#768714).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 80150
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80150
    title openSUSE Security Update : the Linux Kernel (openSUSE-SU-2014:1669-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-1997.NASL
    description From Red Hat Security Advisory 2014:1997 : Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-9322, Important) * A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important) * A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. (CVE-2014-3688, Important) * A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low) * It was found that the Linux kernel's networking implementation did not correctly handle the setting of the keepalive socket option on raw sockets. A local user able to create a raw socket could use this flaw to crash the system. (CVE-2012-6657, Low) * It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low) Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-9322. The CVE-2014-3673 issue was discovered by Liu Wei of Red Hat. Bug fixes : * This update fixes a race condition issue between the sock_queue_err_skb function and sk_forward_alloc handling in the socket error queue (MSG_ERRQUEUE), which could occasionally cause the kernel, for example when using PTP, to incorrectly track allocated memory for the error queue, in which case a traceback would occur in the system log. (BZ#1155427) * The zcrypt device driver did not detect certain crypto cards and the related domains for crypto adapters on System z and s390x architectures. Consequently, it was not possible to run the system on new crypto hardware. This update enables toleration mode for such devices so that the system can make use of newer crypto hardware. (BZ#1158311) * After mounting and unmounting an XFS file system several times consecutively, the umount command occasionally became unresponsive. This was caused by the xlog_cil_force_lsn() function that was not waiting for completion as expected. With this update, xlog_cil_force_lsn() has been modified to correctly wait for completion, thus fixing this bug. (BZ#1158325) * When using the ixgbe adapter with disabled LRO and the tx-usec or rs-usec variables set to 0, transmit interrupts could not be set lower than the default of 8 buffered tx frames. Consequently, a delay of TCP transfer occurred. The restriction of a minimum of 8 buffered frames has been removed, and the TCP delay no longer occurs. (BZ#1158326) * The offb driver has been updated for the QEMU standard VGA adapter, fixing an incorrect displaying of colors issue. (BZ#1158328) * Under certain circumstances, when a discovered MTU expired, the IPv6 connection became unavailable for a short period of time. This bug has been fixed, and the connection now works as expected. (BZ#1161418) * A low throughput occurred when using the dm-thin driver to write to unprovisioned or shared chunks for a thin pool with the chunk size bigger than the max_sectors_kb variable. (BZ#1161420) * Large write workloads on thin LVs could cause the iozone and smallfile utilities to terminate unexpectedly. (BZ#1161421)
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 80070
    published 2014-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80070
    title Oracle Linux 6 : kernel (ELSA-2014-1997)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-3012.NASL
    description The remote Oracle Linux host is missing a security update for the Unbreakable Enterprise kernel package(s).
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 81966
    published 2015-03-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81966
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2015-3012)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0695.NASL
    description Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's SCTP implementation validated INIT chunks when performing Address Configuration Change (ASCONF). A remote attacker could use this flaw to crash the system by sending a specially crafted SCTP packet to trigger a NULL pointer dereference on the system. (CVE-2014-7841, Important) * It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-8159, Important) * An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. (CVE-2013-2596, Important) * It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low) Red Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue. The CVE-2014-7841 issue was discovered by Liu Wei of Red Hat. This update also fixes the following bugs : * Previously, certain network device drivers did not accept ethtool commands right after they were loaded. As a consequence, the current setting of the specified device driver was not applied and an error message was returned. The ETHTOOL_DELAY variable has been added, which makes sure the ethtool utility waits for some time before it tries to apply the options settings, thus fixing the bug. (BZ#1138299) * During the memory allocation for a new socket to communicate to the server, the rpciod daemon released a clean page which needed to be committed. However, the commit was queueing indefinitely as the commit could only be provided with a socket connection. As a consequence, a deadlock occurred in rpciod. This update sets the PF_FSTRANS flag on the work queue task prior to the socket allocation, and adds the nfs_release_page check for the flag when deciding whether to make a commit call, thus fixing this bug. (BZ#1192326) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 81906
    published 2015-03-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81906
    title RHEL 6 : kernel (RHSA-2015:0695)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2355-1.NASL
    description Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). (CVE-2014-5471) Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). (CVE-2014-5472). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 77818
    published 2014-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77818
    title Ubuntu 10.04 LTS : linux-ec2 vulnerabilities (USN-2355-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-10312.NASL
    description Update to the latest upstream stable release, Linux v3.16.2. Various fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 77787
    published 2014-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77787
    title Fedora 21 : kernel-3.16.2-300.fc21 (2014-10312)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0481-1.NASL
    description The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated to fix security issues on kernels on the x86_64 architecture. The following security bugs have been fixed : - CVE-2012-4398: The __request_module function in kernel/kmod.c in the Linux kernel before 3.4 did not set a certain killable attribute, which allowed local users to cause a denial of service (memory consumption) via a crafted application (bnc#779488). - CVE-2013-2893: The Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_LOGITECH_FF, CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed physically proximate attackers to cause a denial of service (heap-based out-of-bounds write) via a crafted device, related to (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3) drivers/hid/hid-lg4ff.c (bnc#835839). - CVE-2013-2897: Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (bnc#835839). - CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_PICOLCD is enabled, allowed physically proximate attackers to cause a denial of service (NULL pointer dereference and OOPS) via a crafted device (bnc#835839). - CVE-2013-2929: The Linux kernel before 3.12.2 did not properly use the get_dumpable function, which allowed local users to bypass intended ptrace restrictions or obtain sensitive information from IA64 scratch registers via a crafted application, related to kernel/ptrace.c and arch/ia64/include/asm/processor.h (bnc#847652). - CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c (bnc#857643). - CVE-2014-0131: Use-after-free vulnerability in the skb_segment function in net/core/skbuff.c in the Linux kernel through 3.13.6 allowed attackers to obtain sensitive information from kernel memory by leveraging the absence of a certain orphaning operation (bnc#867723). - CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). - CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 did not properly count the addition of routes, which allowed remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets (bnc#867531). - CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event (bnc#896382). - CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel before 3.16.2 might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). - CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel before 3.16.2 allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). - CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report (bnc#896392). - CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (bnc#892782). - CVE-2014-3610: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 did not properly handle the writing of a non-canonical address to a model-specific register, which allowed guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192). - CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2 did not have an exit handler for the INVVPID instruction, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). - CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 did not properly perform RIP changes, which allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application (bnc#899192). - CVE-2014-3673: The SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346). - CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel through 3.17.2 allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter (bnc#902349). - CVE-2014-3688: The SCTP implementation in the Linux kernel before 3.17.4 allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an associations output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351). - CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors did not ensure that the value in the CR4 control register remains the same after a VM entry, which allowed host OS users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU (bnc#902232). - CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run (bnc#883948). - CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allowed local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket (bnc#887082). - CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (bnc#892490). - CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (bnc#892490). - CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application (bnc#904013). - CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel before 3.17.4, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk (bnc#905100). - CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux kernel before 3.17.4 allowed guest OS users to cause a denial of service (guest OS crash) via a crafted application that performs an MMIO transaction or a PIO transaction to trigger a guest userspace emulation error report, a similar issue to CVE-2010-5313 (bnc#905312). - CVE-2014-8134: The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels, which made it easier for guest OS users to bypass the ASLR protection mechanism via a crafted application that reads a 16-bit value (bnc#909078). - CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.17.2 miscalculates the number of pages during the handling of a mapping failure, which allowed guest OS users to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. NOTE: this vulnerability exists because of an incorrect fix for CVE-2014-3601 (bnc#902675). - CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux kernel through 3.17.2 did not properly maintain the semantics of rename_lock, which allowed local users to cause a denial of service (deadlock and system hang) via a crafted application (bnc#903640). - CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets (bnc#904700). - CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). - CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through 3.18.2 did not properly choose memory locations for the vDSO area, which made it easier for local users to bypass the ASLR protection mechanism by guessing a location at the end of a PMD (bnc#912705). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83696
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83696
    title SUSE SLES11 Security Update : kernel (SUSE-SU-2015:0481-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_KERNEL-BIGSMP-201409-140924.NASL
    description The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix various bugs and security issues. The following security bugs have been fixed : - The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. (bnc#882804). (CVE-2014-1739) - mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. (bnc#883518). (CVE-2014-4171) - arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. (bnc#883724). (CVE-2014-4508) - The sctp_association_free function in net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet. (bnc#885422). (CVE-2014-4667) - The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. (bnc#887082). (CVE-2014-4943) - The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP authentication is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. (bnc#889173). (CVE-2014-5077) - Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. (bnc#892490). (CVE-2014-5471) - The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. (bnc#892490). (CVE-2014-5472) - Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c. (bnc#871797). (CVE-2014-2706) - The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (bnc#882639). (CVE-2014-4027) - The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (bnc#880892). (CVE-2014-3153) - Avoid infinite loop when processing indirect ICBs (bnc#896689) The following non-security bugs have been fixed:. (CVE-2014-6410) - ACPI / PAD: call schedule() when need_resched() is true. (bnc#866911) - ACPI: Fix bug when ACPI reset register is implemented in system memory. (bnc#882900) - ACPI: Limit access to custom_method. (bnc#884333) - ALSA: hda - Enabling Realtek ALC 671 codec. (bnc#891746) - Add option to automatically enforce module signatures when in Secure Boot mode. (bnc#884333) - Add secure_modules() call. (bnc#884333) - Add wait_on_atomic_t() and wake_up_atomic_t(). (bnc#880344) - Backported new patches of Lock down functions for UEFI secure boot Also updated series.conf and removed old patches. - Btrfs: Return EXDEV for cross file system snapshot. - Btrfs: abort the transaction when we does not find our extent ref. - Btrfs: avoid warning bomb of btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion. - Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not check nodes for extent items. - Btrfs: fix a possible deadlock between scrub and transaction committing. - Btrfs: fix corruption after write/fsync failure + fsync + log recovery. (bnc#894200) - Btrfs: fix csum tree corruption, duplicate and outdated checksums. (bnc#891619) - Btrfs: fix double free in find_lock_delalloc_range. - Btrfs: fix possible memory leak in btrfs_create_tree(). - Btrfs: fix use of uninit 'ret' in end_extent_writepage(). - Btrfs: free delayed node outside of root->inode_lock. (bnc#866864) - Btrfs: make DEV_INFO ioctl available to anyone. - Btrfs: make FS_INFO ioctl available to anyone. - Btrfs: make device scan less noisy. - Btrfs: make sure there are not any read requests before stopping workers. - Btrfs: more efficient io tree navigation on wait_extent_bit. - Btrfs: output warning instead of error when loading free space cache failed. - Btrfs: retrieve more info from FS_INFO ioctl. - Btrfs: return EPERM when deleting a default subvolume. (bnc#869934) - Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol. (bnc#866615) - Btrfs: use right type to get real comparison. - Btrfs: wake up @scrub_pause_wait as much as we can. - Btrfs: wake up transaction thread upon remount. - CacheFiles: Add missing retrieval completions. (bnc#880344) - CacheFiles: Does not try to dump the index key if the cookie has been cleared. (bnc#880344) - CacheFiles: Downgrade the requirements passed to the allocator. (bnc#880344) - CacheFiles: Fix the marking of cached pages. (bnc#880344) - CacheFiles: Implement invalidation. (bnc#880344) - CacheFiles: Make some debugging statements conditional. (bnc#880344) - Drivers: hv: util: Fix a bug in the KVP code. (bnc#886840) - Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code. (bnc#886840) - FS-Cache: Add transition to handle invalidate immediately after lookup. (bnc#880344) - FS-Cache: Check that there are no read ops when cookie relinquished. (bnc#880344) - FS-Cache: Clear remaining page count on retrieval cancellation. (bnc#880344) - FS-Cache: Convert the object event ID #defines into an enum. (bnc#880344) - FS-Cache: Does not sleep in page release if __GFP_FS is not set. (bnc#880344) - FS-Cache: Does not use spin_is_locked() in assertions. (bnc#880344) - FS-Cache: Exclusive op submission can BUG if there is been an I/O error. (bnc#880344) - FS-Cache: Fix __wait_on_atomic_t() to call the action func if the counter != 0. (bnc#880344) - FS-Cache: Fix object state machine to have separate work and wait states. (bnc#880344) - FS-Cache: Fix operation state management and accounting. (bnc#880344) - FS-Cache: Fix signal handling during waits. (bnc#880344) - FS-Cache: Initialise the object event mask with the calculated mask. (bnc#880344) - FS-Cache: Limit the number of I/O error reports for a cache. (bnc#880344) - FS-Cache: Make cookie relinquishment wait for outstanding reads. (bnc#880344) - FS-Cache: Mark cancellation of in-progress operation. (bnc#880344) - FS-Cache: One of the write operation paths doeses not set the object state. (bnc#880344) - FS-Cache: Provide proper invalidation. (bnc#880344) - FS-Cache: Simplify cookie retention for fscache_objects, fixing oops. (bnc#880344) - FS-Cache: The retrieval remaining-pages counter needs to be atomic_t. (bnc#880344) - FS-Cache: Uninline fscache_object_init(). (bnc#880344) - FS-Cache: Wrap checks on object state. (bnc#880344) - HID: usbhid: add always-poll quirk. (bnc#888607) - HID: usbhid: enable always-poll quirk for Elan Touchscreen. (bnc#888607) - IB/iser: Add TIMEWAIT_EXIT event handling. (bnc#890297) - Ignore 'flags' change to event_constraint. (bnc#876114) - Ignore data_src/weight changes to perf_sample_data. (bnc#876114) - NFS: Allow more operations in an NFSv4.1 request. (bnc#890513) - NFS: Clean up helper function nfs4_select_rw_stateid(). (bnc#888968) - NFS: Does not copy read delegation stateids in setattr. (bnc#888968) - NFS: Does not use a delegation to open a file when returning that delegation. (bnc#888968, bnc#892200, bnc#893596, bnc#893496) - NFS: Fixes for NFS RCU-walk support in line with code going upstream - NFS: Use FS-Cache invalidation. (bnc#880344) - NFS: allow lockless access to access_cache. (bnc#866130) - NFS: avoid mountpoint being displayed as ' (deleted)' in /proc/mounts. (bnc#888591) - NFS: nfs4_do_open should add negative results to the dcache. (bnc#866130) - NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a page. (bnc#880344) - NFS: nfs_open_revalidate: only evaluate parent if it will be used. (bnc#866130) - NFS: prepare for RCU-walk support but pushing tests later in code. (bnc#866130) - NFS: support RCU_WALK in nfs_permission(). (bnc#866130) - NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU. (bnc#866130) - NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU. (bnc#866130) - NFSD: Does not hand out delegations for 30 seconds after recalling them. (bnc#880370) - NFSv4 set open access operation call flag in nfs4_init_opendata_res. (bnc#888968, bnc#892200, bnc#893596, bnc#893496) - NFSv4: Add a helper for encoding opaque data. (bnc#888968) - NFSv4: Add a helper for encoding stateids. (bnc#888968) - NFSv4: Add helpers for basic copying of stateids. (bnc#888968) - NFSv4: Clean up nfs4_select_rw_stateid(). (bnc#888968) - NFSv4: Fix the return value of nfs4_select_rw_stateid. (bnc#888968) - NFSv4: Rename nfs4_copy_stateid(). (bnc#888968) - NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an error. (bnc#888968) - NFSv4: Simplify the struct nfs4_stateid. (bnc#888968) - NFSv4: The stateid must remain the same for replayed RPC calls. (bnc#888968) - NFSv4: nfs4_stateid_is_current should return 'true' for an invalid stateid. (bnc#888968) - One more fix for kABI breakage. - PCI: Lock down BAR access when module security is enabled. (bnc#884333) - PCI: enable MPS 'performance' setting to properly handle bridge MPS. (bnc#883376) - PM / Hibernate: Add memory_rtree_find_bit function. (bnc#860441) - PM / Hibernate: Create a Radix-Tree to store memory bitmap. (bnc#860441) - PM / Hibernate: Implement position keeping in radix tree. (bnc#860441) - PM / Hibernate: Iterate over set bits instead of PFNs in swsusp_free(). (bnc#860441) - PM / Hibernate: Remove the old memory-bitmap implementation. (bnc#860441) - PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node. (bnc#860441) - Restrict /dev/mem and /dev/kmem when module loading is restricted. (bnc#884333) - Reuse existing 'state' field to indicate PERF_X86_EVENT_PEBS_LDLAT. (bnc#876114) - USB: handle LPM errors during device suspend correctly. (bnc#849123) - Update kabi files to reflect fscache change. (bnc#880344) - Update x86_64 config files: re-enable SENSORS_W83627EHF. (bnc#891281) - VFS: Make more complete truncate operation available to CacheFiles. (bnc#880344) - [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). - acpi: Ignore acpi_rsdp kernel parameter when module loading is restricted. (bnc#884333) - af_iucv: correct cleanup if listen backlog is full (bnc#885262, LTC#111728). - asus-wmi: Restrict debugfs interface when module loading is restricted. (bnc#884333) - autofs4: allow RCU-walk to walk through autofs4. (bnc#866130) - autofs4: avoid taking fs_lock during rcu-walk. (bnc#866130) - autofs4: does not take spinlock when not needed in autofs4_lookup_expiring. (bnc#866130) - autofs4: factor should_expire() out of autofs4_expire_indirect. (bnc#866130) - autofs4: make 'autofs4_can_expire' idempotent. (bnc#866130) - autofs4: remove a redundant assignment. (bnc#866130) - autofs: fix lockref lookup. (bnc#888591) - be2net: add dma_mapping_error() check for dma_map_page(). (bnc#881759) - block: add cond_resched() to potentially long running ioctl discard loop. (bnc#884725) - block: fix race between request completion and timeout handling. (bnc#881051) - cdc-ether: clean packet filter upon probe. (bnc#876017) - cpuset: Fix memory allocator deadlock. (bnc#876590) - crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs have them, but some are FIPS certified, with some kernel support. - crypto: fips - only panic on bad/missing crypto mod signatures. (bnc#887503) - crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode. (bnc#889451) - dasd: validate request size before building CCW/TCW (bnc#891087, LTC#114068). - dm mpath: fix race condition between multipath_dtr and pg_init_done. (bnc#826486) - dm-mpath: fix panic on deleting sg device. (bnc#870161) - drm/ast: AST2000 cannot be detected correctly. (bnc#895983) - drm/ast: Actually load DP501 firmware when required. (bnc#895608 / bnc#871134) - drm/ast: Add missing entry to dclk_table[]. - drm/ast: Add reduced non reduced mode parsing for wide screen mode. (bnc#892723) - drm/ast: initial DP501 support (v0.2). (bnc#871134) - drm/ast: open key before detect chips. (bnc#895983) - drm/i915: Fix up cpt pixel multiplier enable sequence. (bnc#879304) - drm/i915: Only apply DPMS to the encoder if enabled. (bnc#893064) - drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init. (bnc#869055) - drm/i915: create functions for the 'unclaimed register' checks. (bnc#869055) - drm/i915: use FPGA_DBG for the 'unclaimed register' checks. (bnc#869055) - drm/mgag200: Initialize data needed to map fbdev memory. (bnc#806990) - e1000e: enable support for new device IDs. (bnc#885509) - fs/fscache: remove spin_lock() from the condition in while(). (bnc#880344) - hibernate: Disable in a signed modules environment. (bnc#884333) - hugetlb: does not use ERR_PTR with VM_FAULT* values - ibmvscsi: Abort init sequence during error recovery. (bnc#885382) - ibmvscsi: Add memory barriers for send / receive. (bnc#885382) - inet: add a redirect generation id in inetpeer. (bnc#860593) - inetpeer: initialize ->redirect_genid in inet_getpeer(). (bnc#860593) - ipv6: tcp: fix tcp_v6_conn_request(). (bnc#887645) - kabi: hide bnc#860593 changes of struct inetpeer_addr_base. (bnc#860593) - kernel: 3215 tty hang (bnc#891087, LTC#114562). - kernel: fix data corruption when reading /proc/sysinfo (bnc#891087, LTC#114480). - kernel: fix kernel oops with load of fpc register (bnc#889061, LTC#113596). - kernel: sclp console tty reference counting (bnc#891087, LTC#115466). - kexec: Disable at runtime if the kernel enforces module loading restrictions. (bnc#884333) - md/raid6: avoid data corruption during recovery of double-degraded RAID6. - memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix). - memcg: do not expose uninitialized mem_cgroup_per_node to world. (bnc#883096) - mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() - mm, hugetlb: change variable name reservations to resv - mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache - mm, hugetlb: defer freeing pages when gathering surplus pages - mm, hugetlb: do not use a page in page cache for cow optimization - mm, hugetlb: fix and clean-up node iteration code to alloc or free - mm, hugetlb: fix race in region tracking - mm, hugetlb: fix subpool accounting handling - mm, hugetlb: improve page-fault scalability - mm, hugetlb: improve, cleanup resv_map parameters - mm, hugetlb: move up the code which check availability of free huge page - mm, hugetlb: protect reserved pages when soft offlining a hugepage - mm, hugetlb: remove decrement_hugepage_resv_vma() - mm, hugetlb: remove redundant list_empty check in gather_surplus_pages() - mm, hugetlb: remove resv_map_put - mm, hugetlb: remove useless check about mapping type - mm, hugetlb: return a reserved page to a reserved pool if failed - mm, hugetlb: trivial commenting fix - mm, hugetlb: unify region structure handling - mm, hugetlb: unify region structure handling kabi - mm, hugetlb: use long vars instead of int in region_count() (Hugetlb Fault Scalability). - mm, hugetlb: use vma_resv_map() map types - mm, oom: fix badness score underflow. (bnc#884582, bnc#884767) - mm, oom: normalize oom scores to oom_score_adj scale only for userspace. (bnc#884582, bnc#884767) - mm, thp: do not allow thp faults to avoid cpuset restrictions. (bnc#888849) - net/mlx4_core: Load higher level modules according to ports type. (bnc#887680) - net/mlx4_core: Load the IB driver when the device supports IBoE. (bnc#887680) - net/mlx4_en: Fix a race between napi poll function and RX ring cleanup. (bnc#863586) - net/mlx4_en: Fix selftest failing on non 10G link speed. (bnc#888058) - net: fix checksumming features handling in output path. (bnc#891259) - pagecache_limit: batch large nr_to_scan targets. (bnc#895221) - pagecachelimit: reduce lru_lock congestion for heavy parallel reclaim fix. (bnc#895680) - perf/core: Add weighted samples. (bnc#876114) - perf/x86: Add flags to event constraints. (bnc#876114) - perf/x86: Add memory profiling via PEBS Load Latency. (bnc#876114) - perf: Add generic memory sampling interface. (bnc#876114) - qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware. (bnc#859840) - qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning. (bnc#859840) - qla2xxx: Does not check for firmware hung during the reset context for ISP82XX. (bnc#859840) - qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive. (bnc#859840) - qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling. (bnc#859840) - qla2xxx: Set host can_queue value based on available resources. (bnc#859840) - restore smp_mb() in unlock_new_inode(). (bnc#890526) - s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). - sched: fix the theoretical signal_wake_up() vs schedule() race. (bnc#876055) - sclp_vt220: Enable integrated ASCII console per default (bnc#885262, LTC#112035). - scsi_dh: use missing accessor 'scsi_device_from_queue'. (bnc#889614) - scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail. (bnc#887608) - scsiback: correct grant page unmapping. - scsiback: fix retry handling in __report_luns(). - scsiback: free resources after error. - sunrpc/auth: allow lockless (rcu) lookup of credential cache. (bnc#866130) - supported.conf: remove external from drivers/net/veth. (bnc#889727) - supported.conf: support net/sched/act_police.ko. (bnc#890426) - tcp: adapt selected parts of RFC 5682 and PRR logic. (bnc#879921) - tg3: Change nvram command timeout value to 50ms. (bnc#855657) - tg3: Override clock, link aware and link idle mode during NVRAM dump. (bnc#855657) - tg3: Set the MAC clock to the fastest speed during boot code load. (bnc#855657) - usb: Does not enable LPM if the exit latency is zero. (bnc#832309) - usbcore: Does not log on consecutive debounce failures of the same port. (bnc#888105) - usbhid: fix PIXART optical mouse. (bnc#888607) - uswsusp: Disable when module loading is restricted. (bnc#884333) - vscsi: support larger transfer sizes. (bnc#774818) - writeback: Do not sync data dirtied after sync start. (bnc#833820) - x86 thermal: Delete power-limit-notification console messages. (bnc#882317) - x86 thermal: Disable power limit notification interrupt by default. (bnc#882317) - x86 thermal: Re-enable power limit notification interrupt by default. (bnc#882317) - x86, cpu hotplug: Fix stack frame warning in check_irq_vectors_for_cpu_disable(). (bnc#887418) - x86/UV: Add call to KGDB/KDB from NMI handler. (bnc#888847) - x86/UV: Add kdump to UV NMI handler. (bnc#888847) - x86/UV: Add summary of cpu activity to UV NMI handler. (bnc#888847) - x86/UV: Move NMI support. (bnc#888847) - x86/UV: Update UV support for external NMI signals. (bnc#888847) - x86/uv/nmi: Fix Sparse warnings. (bnc#888847) - x86: Add check for number of available vectors before CPU down. (bnc#887418) - x86: Lock down IO port access when module security is enabled. (bnc#884333) - x86: Restrict MSR access when module loading is restricted. (bnc#884333)
    last seen 2019-02-21
    modified 2018-02-15
    plugin id 78651
    published 2014-10-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78651
    title SuSE 11.3 Security Update : Linux kernel (SAT Patch Number 9750)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-9959.NASL
    description This update contains an important fix for NFS and a security fix for isofs CVE-2014-5471 and CVE-2014-5472. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 77451
    published 2014-08-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77451
    title Fedora 20 : kernel-3.15.10-201.fc20 (2014-9959)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-3107.NASL
    description Description of changes: [2.6.39-400.215.15.el6uek] - isofs: Fix unbounded recursion when processing relocated directories (Jan Kara) [Orabug: 20224060] {CVE-2014-5471} {CVE-2014-5472} - x86_64, traps: Stop using IST for #SS (Andy Lutomirski) [Orabug: 20224028] {CVE-2014-9090} {CVE-2014-9322}
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 80157
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80157
    title Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3107)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2014-3106.NASL
    description Description of changes: kernel-uek [3.8.13-55.1.2.el7uek] - isofs: Fix unbounded recursion when processing relocated directories (Jan Kara) [Orabug: 20224059] {CVE-2014-5471} {CVE-2014-5472} - x86_64, traps: Stop using IST for #SS (Andy Lutomirski) [Orabug: 20224027] {CVE-2014-9090} {CVE-2014-9322}
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 80156
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80156
    title Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2014-3106)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2014-11008.NASL
    description The 3.14.19 stable update contains a number of important fixes across the tree. The 3.14.18 stable update contains a number of important fixes across the tree. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 77974
    published 2014-09-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77974
    title Fedora 19 : kernel-3.14.19-100.fc19 (2014-11008)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2014-1997.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-9322, Important) * A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important) * A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. (CVE-2014-3688, Important) * A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low) * It was found that the Linux kernel's networking implementation did not correctly handle the setting of the keepalive socket option on raw sockets. A local user able to create a raw socket could use this flaw to crash the system. (CVE-2012-6657, Low) * It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low) Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-9322. The CVE-2014-3673 issue was discovered by Liu Wei of Red Hat. Bug fixes : * This update fixes a race condition issue between the sock_queue_err_skb function and sk_forward_alloc handling in the socket error queue (MSG_ERRQUEUE), which could occasionally cause the kernel, for example when using PTP, to incorrectly track allocated memory for the error queue, in which case a traceback would occur in the system log. (BZ#1155427) * The zcrypt device driver did not detect certain crypto cards and the related domains for crypto adapters on System z and s390x architectures. Consequently, it was not possible to run the system on new crypto hardware. This update enables toleration mode for such devices so that the system can make use of newer crypto hardware. (BZ#1158311) * After mounting and unmounting an XFS file system several times consecutively, the umount command occasionally became unresponsive. This was caused by the xlog_cil_force_lsn() function that was not waiting for completion as expected. With this update, xlog_cil_force_lsn() has been modified to correctly wait for completion, thus fixing this bug. (BZ#1158325) * When using the ixgbe adapter with disabled LRO and the tx-usec or rs-usec variables set to 0, transmit interrupts could not be set lower than the default of 8 buffered tx frames. Consequently, a delay of TCP transfer occurred. The restriction of a minimum of 8 buffered frames has been removed, and the TCP delay no longer occurs. (BZ#1158326) * The offb driver has been updated for the QEMU standard VGA adapter, fixing an incorrect displaying of colors issue. (BZ#1158328) * Under certain circumstances, when a discovered MTU expired, the IPv6 connection became unavailable for a short period of time. This bug has been fixed, and the connection now works as expected. (BZ#1161418) * A low throughput occurred when using the dm-thin driver to write to unprovisioned or shared chunks for a thin pool with the chunk size bigger than the max_sectors_kb variable. (BZ#1161420) * Large write workloads on thin LVs could cause the iozone and smallfile utilities to terminate unexpectedly. (BZ#1161421)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 80088
    published 2014-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80088
    title CentOS 6 : kernel (CESA-2014:1997)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-0803.NASL
    description Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 6.4 Advanced Update Support. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-8159, Important) * An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system. (CVE-2013-2596, Important) * It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low) Red Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue. This update also fixes the following bugs : * The kernel could sometimes panic due to a possible division by zero in the kernel scheduler. This bug has been fixed by defining a new div64_ul() division function and correcting the affected calculation in the proc_sched_show_task() function. (BZ#1199898) * When repeating a Coordinated Universal Time (UTC) value during a leap second (when the UTC time should be 23:59:60), the International Atomic Time (TAI) timescale previously stopped as the kernel NTP code incremented the TAI offset one second too late. A patch has been provided, which fixes the bug by incrementing the offset during the leap second itself. Now, the correct TAI is set during the leap second. (BZ#1201672) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 82790
    published 2015-04-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82790
    title RHEL 6 : kernel (RHSA-2015:0803)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2354-1.NASL
    description Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). (CVE-2014-5471) Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). (CVE-2014-5472). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 77817
    published 2014-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77817
    title Ubuntu 10.04 LTS : linux vulnerabilities (USN-2354-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2015-0812-1.NASL
    description The SUSE Linux Enterprise 10 SP4 LTSS kernel was updated to receive various security and bugfixes. The following security bugs have been fixed : CVE-2015-2041: A information leak in the llc2_timeout_table was fixed (bnc#919007). CVE-2014-9322: arch/x86/kernel/entry_64.S in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space (bnc#910251). CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the 1-clock-tests test suite (bnc#907818). CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c in the Linux kernel did not properly manage a certain backlog value, which allowed remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet (bnc#885422). CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346). CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response (bnc#896391). CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c (bnc#896390). CVE-2014-1874: The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel allowed local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context (bnc#863335). CVE-2014-0181: The Netlink implementation in the Linux kernel did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program (bnc#875051). CVE-2013-4299: Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel allowed remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device (bnc#846404). CVE-2013-2147: The HP Smart Array controller disk-array driver and Compaq SMART2 controller disk-array driver in the Linux kernel did not initialize certain data structures, which allowed local users to obtain sensitive information from kernel memory via (1) a crafted IDAGETPCIINFO command for a /dev/ida device, related to the ida_locked_ioctl function in drivers/block/cpqarray.c or (2) a crafted CCISS_PASSTHRU32 command for a /dev/cciss device, related to the cciss_ioctl32_passthru function in drivers/block/cciss.c (bnc#823260). CVE-2012-6657: The sock_setsockopt function in net/core/sock.c in the Linux kernel did not ensure that a keepalive action is associated with a stream socket, which allowed local users to cause a denial of service (system crash) by leveraging the ability to create a raw socket (bnc#896779). CVE-2012-3400: Heap-based buffer overflow in the udf_load_logicalvol function in fs/udf/super.c in the Linux kernel allowed remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via a crafted UDF filesystem (bnc#769784). CVE-2012-2319: Multiple buffer overflows in the hfsplus filesystem implementation in the Linux kernel allowed local users to gain privileges via a crafted HFS plus filesystem, a related issue to CVE-2009-4020 (bnc#760902). CVE-2012-2313: The rio_ioctl function in drivers/net/ethernet/dlink/dl2k.c in the Linux kernel did not restrict access to the SIOCSMIIREG command, which allowed local users to write data to an Ethernet adapter via an ioctl call (bnc#758813). CVE-2011-4132: The cleanup_journal_tail function in the Journaling Block Device (JBD) functionality in the Linux kernel 2.6 allowed local users to cause a denial of service (assertion error and kernel oops) via an ext3 or ext4 image with an 'invalid log first block value' (bnc#730118). CVE-2011-4127: The Linux kernel did not properly restrict SG_IO ioctl calls, which allowed local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume (bnc#738400). CVE-2011-1585: The cifs_find_smb_ses function in fs/cifs/connect.c in the Linux kernel did not properly determine the associations between users and sessions, which allowed local users to bypass CIFS share authentication by leveraging a mount of a share by a different user (bnc#687812). CVE-2011-1494: Integer overflow in the _ctl_do_mpt_command function in drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel might have allowed local users to gain privileges or cause a denial of service (memory corruption) via an ioctl call specifying a crafted value that triggers a heap-based buffer overflow (bnc#685402). CVE-2011-1495: drivers/scsi/mpt2sas/mpt2sas_ctl.c in the Linux kernel did not validate (1) length and (2) offset values before performing memory copy operations, which might allow local users to gain privileges, cause a denial of service (memory corruption), or obtain sensitive information from kernel memory via a crafted ioctl call, related to the _ctl_do_mpt_command and _ctl_diag_read_buffer functions (bnc#685402). CVE-2011-1493: Array index error in the rose_parse_national function in net/rose/rose_subr.c in the Linux kernel allowed remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by composing FAC_NATIONAL_DIGIS data that specifies a large number of digipeaters, and then sending this data to a ROSE socket (bnc#681175). CVE-2011-4913: The rose_parse_ccitt function in net/rose/rose_subr.c in the Linux kernel did not validate the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP fields, which allowed remote attackers to (1) cause a denial of service (integer underflow, heap memory corruption, and panic) via a small length value in data sent to a ROSE socket, or (2) conduct stack-based buffer overflow attacks via a large length value in data sent to a ROSE socket (bnc#681175). CVE-2011-4914: The ROSE protocol implementation in the Linux kernel did not verify that certain data-length values are consistent with the amount of data sent, which might allow remote attackers to obtain sensitive information from kernel memory or cause a denial of service (out-of-bounds read) via crafted data to a ROSE socket (bnc#681175). CVE-2011-1476: Integer underflow in the Open Sound System (OSS) subsystem in the Linux kernel on unspecified non-x86 platforms allowed local users to cause a denial of service (memory corruption) by leveraging write access to /dev/sequencer (bnc#681999). CVE-2011-1477: Multiple array index errors in sound/oss/opl3.c in the Linux kernel allowed local users to cause a denial of service (heap memory corruption) or possibly gain privileges by leveraging write access to /dev/sequencer (bnc#681999). CVE-2011-1163: The osf_partition function in fs/partitions/osf.c in the Linux kernel did not properly handle an invalid number of partitions, which might allow local users to obtain potentially sensitive information from kernel heap memory via vectors related to partition-table parsing (bnc#679812). CVE-2011-1090: The __nfs4_proc_set_acl function in fs/nfs/nfs4proc.c in the Linux kernel stored NFSv4 ACL data in memory that is allocated by kmalloc but not properly freed, which allowed local users to cause a denial of service (panic) via a crafted attempt to set an ACL (bnc#677286). CVE-2014-9584: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel did not validate a length value in the Extensions Reference (ER) System Use Field, which allowed local users to obtain sensitive information from kernel memory via a crafted iso9660 image (bnc#912654). CVE-2014-9420: The rock_continue function in fs/isofs/rock.c in the Linux kernel did not restrict the number of Rock Ridge continuation entries, which allowed local users to cause a denial of service (infinite loop, and system crash or hang) via a crafted iso9660 image (bnc#911325). CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry (bnc#892490). CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry (bnc#892490). CVE-2014-3917: kernel/auditsc.c in the Linux kernel, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allowed local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number (bnc#880484). CVE-2014-4652: Race condition in the tlv handler functionality in the snd_ctl_elem_user_tlv function in sound/core/control.c in the ALSA control implementation in the Linux kernel allowed local users to obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access (bnc#883795). CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel did not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE commands, which allowed local users to remove kernel controls and cause a denial of service (use-after-free and system crash) by leveraging /dev/snd/controlCX access for an ioctl call (bnc#883795). CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c in the ALSA control implementation in the Linux kernel did not properly maintain the user_ctl_count value, which allowed local users to cause a denial of service (integer overflow and limit bypass) by leveraging /dev/snd/controlCX access for a large number of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls (bnc#883795). CVE-2014-4653: sound/core/control.c in the ALSA control implementation in the Linux kernel did not ensure possession of a read/write lock, which allowed local users to cause a denial of service (use-after-free) and obtain sensitive information from kernel memory by leveraging /dev/snd/controlCX access (bnc#883795). CVE-2014-4656: Multiple integer overflows in sound/core/control.c in the ALSA control implementation in the Linux kernel allowed local users to cause a denial of service by leveraging /dev/snd/controlCX access, related to (1) index values in the snd_ctl_add function and (2) numid values in the snd_ctl_remove_numid_conflict function (bnc#883795). The update package also includes non-security fixes. See advisory for details. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-29
    plugin id 83723
    published 2015-05-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83723
    title SUSE SLES10 Security Update : kernel (SUSE-SU-2015:0812-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1318.NASL
    description Updated Red Hat Enterprise MRG Realtime packages that fix multiple security issues and add one enhancement are now available for Red Hat Enterprise MRG 2.5. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Red Hat Enterprise MRG (Messaging, Realtime, and Grid) is a next-generation IT infrastructure for enterprise computing. MRG offers increased performance, reliability, interoperability, and faster computing for enterprise customers. MRG Realtime provides the highest levels of predictability for consistent low-latency response times to meet the needs of time-sensitive workloads. MRG Realtime also provides new levels of determinism by optimizing lengthy kernel code paths to ensure that they do not become bottlenecks. This allows for better prioritization of applications, resulting in consistent, predictable response times for high-priority applications. * An out-of-bounds write flaw was found in the way the Apple Magic Mouse/Trackpad multi-touch driver handled Human Interface Device (HID) reports with an invalid size. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3181, Moderate) * A memory corruption flaw was found in the way the USB ConnectTech WhiteHEAT serial driver processed completion commands sent via USB Request Blocks buffers. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3185, Moderate) * A race condition flaw was found in the way the Linux kernel's mmap(2), madvise(2), and fallocate(2) system calls interacted with each other while operating on virtual memory file system files. A local user could use this flaw to cause a denial of service. (CVE-2014-4171, Moderate) * A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low) * An out-of-bounds read flaw was found in the way the Logitech Unifying receiver driver handled HID reports with an invalid device_index value. An attacker with physical access to the system could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-3182, Low) * Multiple out-of-bounds write flaws were found in the way the Cherry Cymotion keyboard driver, KYE/Genius device drivers, Logitech device drivers, Monterey Genius KB29E keyboard driver, Petalynx Maxter remote control driver, and Sunplus wireless desktop driver handled HID reports with an invalid report descriptor size. An attacker with physical access to the system could use either of these flaws to write data past an allocated memory buffer. (CVE-2014-3184, Low) * It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low) This update also adds the following enhancement : * The Solarflare SFC9120 10GBE Ethernet NICs were not supported by the MRG Realtime kernel. With this update, the drivers have been updated to enable the Solarflare SFC9120 cards on the Realtime kernel. (BZ#1086945) All Red Hat Enterprise MRG Realtime users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add this enhancement.
    last seen 2019-02-21
    modified 2018-07-26
    plugin id 78006
    published 2014-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78006
    title RHEL 6 : MRG (RHSA-2014:1318)
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2017-0057.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2017-0057 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 99163
    published 2017-04-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99163
    title OracleVM 3.3 : Unbreakable / etc (OVMSA-2017-0057) (Dirty COW)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2014-1997.NASL
    description Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-9322, Important) * A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important) * A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. (CVE-2014-3688, Important) * A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low) * It was found that the Linux kernel's networking implementation did not correctly handle the setting of the keepalive socket option on raw sockets. A local user able to create a raw socket could use this flaw to crash the system. (CVE-2012-6657, Low) * It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low) Red Hat would like to thank Andy Lutomirski for reporting CVE-2014-9322. The CVE-2014-3673 issue was discovered by Liu Wei of Red Hat. Bug fixes : * This update fixes a race condition issue between the sock_queue_err_skb function and sk_forward_alloc handling in the socket error queue (MSG_ERRQUEUE), which could occasionally cause the kernel, for example when using PTP, to incorrectly track allocated memory for the error queue, in which case a traceback would occur in the system log. (BZ#1155427) * The zcrypt device driver did not detect certain crypto cards and the related domains for crypto adapters on System z and s390x architectures. Consequently, it was not possible to run the system on new crypto hardware. This update enables toleration mode for such devices so that the system can make use of newer crypto hardware. (BZ#1158311) * After mounting and unmounting an XFS file system several times consecutively, the umount command occasionally became unresponsive. This was caused by the xlog_cil_force_lsn() function that was not waiting for completion as expected. With this update, xlog_cil_force_lsn() has been modified to correctly wait for completion, thus fixing this bug. (BZ#1158325) * When using the ixgbe adapter with disabled LRO and the tx-usec or rs-usec variables set to 0, transmit interrupts could not be set lower than the default of 8 buffered tx frames. Consequently, a delay of TCP transfer occurred. The restriction of a minimum of 8 buffered frames has been removed, and the TCP delay no longer occurs. (BZ#1158326) * The offb driver has been updated for the QEMU standard VGA adapter, fixing an incorrect displaying of colors issue. (BZ#1158328) * Under certain circumstances, when a discovered MTU expired, the IPv6 connection became unavailable for a short period of time. This bug has been fixed, and the connection now works as expected. (BZ#1161418) * A low throughput occurred when using the dm-thin driver to write to unprovisioned or shared chunks for a thin pool with the chunk size bigger than the max_sectors_kb variable. (BZ#1161420) * Large write workloads on thin LVs could cause the iozone and smallfile utilities to terminate unexpectedly. (BZ#1161421)
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 80072
    published 2014-12-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80072
    title RHEL 6 : kernel (RHSA-2014:1997)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-793.NASL
    description The openSUSE 13.1 kernel was updated to fix security issues and bugs : Security issues fixed: CVE-2014-9322: A local privilege escalation in the x86_64 32bit compatibility signal handling was fixed, which could be used by local attackers to crash the machine or execute code. CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in the Linux kernel did not properly handle faults associated with the Stack Segment (SS) segment register, which allowed local users to cause a denial of service (panic) via a modify_ldt system call, as demonstrated by sigreturn_32 in the linux-clock-tests test suite. CVE-2014-8133: Insufficient validation of TLS register usage could leak information from the kernel stack to userspace. CVE-2014-0181: The Netlink implementation in the Linux kernel through 3.14.1 did not provide a mechanism for authorizing socket operations based on the opener of a socket, which allowed local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. (bsc#875051) CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. CVE-2014-3688: The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (memory consumption) by triggering a large number of chunks in an association's output queue, as demonstrated by ASCONF probes, related to net/sctp/inqueue.c and net/sctp/sm_statefuns.c. CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c in the SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (panic) via duplicate ASCONF chunks that trigger an incorrect uncork within the side-effect interpreter. CVE-2014-7975: The do_umount function in fs/namespace.c in the Linux kernel did not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allowed local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call. CVE-2014-8884: Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call. CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote attackers to cause a denial of service (system crash) via a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c. CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel, as used in Android on Nexus 7 devices, allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report. CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux kernel, when ASCONF is used, allowed remote attackers to cause a denial of service (NULL pointer dereference and system crash) via a malformed INIT chunk. CVE-2014-4611: Integer overflow in the LZ4 algorithm implementation, as used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit platforms might allow context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted Literal Run that would be improperly handled by programs not complying with an API limitation, a different vulnerability than CVE-2014-4715. CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel allowed context-dependent attackers to cause a denial of service (memory corruption) via a crafted Literal Run. CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel did not properly maintain a certain tail pointer, which allowed remote attackers to obtain sensitive cleartext information by reading packets. CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (memory corruption and system crash) via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with a bulk response. CVE-2014-3184: The report_fixup functions in the HID subsystem in the Linux kernel might have allowed physically proximate attackers to cause a denial of service (out-of-bounds write) via a crafted device that provides a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c. CVE-2014-3182: Array index error in the logi_dj_raw_event function in drivers/hid/hid-logitech-dj.c in the Linux kernel allowed physically proximate attackers to execute arbitrary code or cause a denial of service (invalid kfree) via a crafted device that provides a malformed REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value. CVE-2014-3181: Multiple stack-based buffer overflows in the magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic Mouse HID driver in the Linux kernel allowed physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that provides a large amount of (1) EHCI or (2) XHCI data associated with an event. CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not properly handle private syscall numbers during use of the ftrace subsystem, which allowed local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application. CVE-2013-7263: The Linux kernel updated certain length values before ensuring that associated data structures have been initialized, which allowed local users to obtain sensitive information from kernel stack memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c. This update fixes the leak of the port number when using ipv6 sockets. (bsc#853040). CVE-2013-2898: Fixed potential kernel caller confusion via past-end-of-heap-allocation read in sensor-hub HID driver. CVE-2013-2891: Fixed 16 byte past-end-of-heap-alloc zeroing in steelseries HID driver. VE-2014-6410: The __udf_read_inode function in fs/udf/inode.c in the Linux kernel did not restrict the amount of ICB indirection, which allowed physically proximate attackers to cause a denial of service (infinite loop or stack consumption) via a UDF filesystem with a crafted inode. CVE-2014-5471: Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial of service (uncontrolled recursion, and system crash or reboot) via a crafted iso9660 image with a CL entry referring to a directory entry that has a CL entry. CVE-2014-5472: The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial of service (unkillable mount process) via a crafted iso9660 image with a self-referential CL entry. CVE-2014-0206: Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel allowed local users to obtain sensitive information from kernel memory via a large head value. CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. CVE-2014-5206: The do_remount function in fs/namespace.c in the Linux kernel did not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allowed local users to bypass an intended read-only restriction and defeat certain sandbox protection mechanisms via a 'mount -o remount' command within a user namespace. CVE-2014-5207: fs/namespace.c in the Linux kernel did not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allowed local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a 'mount -o remount' command within a user namespace. CVE-2014-1739: The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel did not initialize a certain data structure, which allowed local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call. CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel allowed local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket. CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allowed local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000. CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in the Linux kernel, when SCTP authentication is enabled, allowed remote attackers to cause a denial of service (NULL pointer dereference and OOPS) by starting to establish an association between two endpoints immediately after an exchange of INIT and INIT ACK chunks to establish an earlier association between these endpoints in the opposite direction. CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement the interaction between range notification and hole punching, which allowed local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call. Also the following bugs were fixed : - KEYS: Fix stale key registration at error path (bnc#908163). - parport: parport_pc, do not remove parent devices early (bnc#856659). - xfs: fix directory hash ordering bug. - xfs: mark all internal workqueues as freezable (bnc#899785). - [media] uvc: Fix destruction order in uvc_delete() (bnc#897736). - cfq-iosched: Fix wrong children_weight calculation (bnc#893429). - target/rd: Refactor rd_build_device_space + rd_release_device_space (bnc#882639). - Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch (bnc#887046). - usb: pci-quirks: Prevent Sony VAIO t-series from switching usb ports (bnc#864375). - xhci: Switch only Intel Lynx Point-LP ports to EHCI on shutdown (bnc#864375). - xhci: Switch Intel Lynx Point ports to EHCI on shutdown (bnc#864375). - ALSA: hda - Fix broken PM due to incomplete i915 initialization (bnc#890114). - netbk: Don't destroy the netdev until the vif is shut down (bnc#881008). - swiotlb: don't assume PA 0 is invalid (bnc#865882). - PM / sleep: Fix request_firmware() error at resume (bnc#873790). - usbcore: don't log on consecutive debounce failures of the same port (bnc#818966).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 80152
    published 2014-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80152
    title openSUSE Security Update : the Linux Kernel (openSUSE-SU-2014:1677-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2359-1.NASL
    description Jack Morgenstein reported a flaw in the page handling of the KVM (Kerenl Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. (CVE-2014-3601) Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). (CVE-2014-5077) Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). (CVE-2014-5471) Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). (CVE-2014-5472). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 77821
    published 2014-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77821
    title Ubuntu 14.04 LTS : linux vulnerabilities (USN-2359-1)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2358-1.NASL
    description Jack Morgenstein reported a flaw in the page handling of the KVM (Kerenl Virtual Machine) subsystem in the Linux kernel. A guest OS user could exploit this flaw to cause a denial of service (host OS memory corruption) or possibly have other unspecified impact on the host OS. (CVE-2014-3601) Jason Gunthorpe reported a flaw with SCTP authentication in the Linux kernel. A remote attacker could exploit this flaw to cause a denial of service (NULL pointer dereference and OOPS). (CVE-2014-5077) Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image either via a CD/DVD drive or a loopback mount could cause a denial of service (system crash or reboot). (CVE-2014-5471) Chris Evans reported an flaw in the Linux kernel's handling of iso9660 (compact disk filesystem) images. An attacker who can mount a custom iso9660 image, with a self-referential CL entry, either via a CD/DVD drive or a loopback mount could cause a denial of service (unkillable mount process). (CVE-2014-5472). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 77820
    published 2014-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=77820
    title Ubuntu 12.04 LTS : linux-lts-trusty vulnerabilities (USN-2358-1)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20141216_KERNEL_ON_SL6_X.NASL
    description - A flaw was found in the way the Linux kernel's SCTP implementation handled malformed or duplicate Address Configuration Change Chunks (ASCONF). A remote attacker could use either of these flaws to crash the system. (CVE-2014-3673, CVE-2014-3687, Important) - A flaw was found in the way the Linux kernel's SCTP implementation handled the association's output queue. A remote attacker could send specially crafted packets that would cause the system to use an excessive amount of memory, leading to a denial of service. (CVE-2014-3688, Important) - A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's UDF file system implementation processed indirect ICBs. An attacker with physical access to the system could use a specially crafted UDF image to crash the system. (CVE-2014-6410, Low) - It was found that the Linux kernel's networking implementation did not correctly handle the setting of the keepalive socket option on raw sockets. A local user able to create a raw socket could use this flaw to crash the system. (CVE-2012-6657, Low) - It was found that the parse_rock_ridge_inode_internal() function of the Linux kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-5471, CVE-2014-5472, Low) Bug fixes : - This update fixes a race condition issue between the sock_queue_err_skb function and sk_forward_alloc handling in the socket error queue (MSG_ERRQUEUE), which could occasionally cause the kernel, for example when using PTP, to incorrectly track allocated memory for the error queue, in which case a traceback would occur in the system log. - The zcrypt device driver did not detect certain crypto cards and the related domains for crypto adapters on System z and s390x architectures. Consequently, it was not possible to run the system on new crypto hardware. This update enables toleration mode for such devices so that the system can make use of newer crypto hardware. - After mounting and unmounting an XFS file system several times consecutively, the umount command occasionally became unresponsive. This was caused by the xlog_cil_force_lsn() function that was not waiting for completion as expected. With this update, xlog_cil_force_lsn() has been modified to correctly wait for completion, thus fixing this bug. - When using the ixgbe adapter with disabled LRO and the tx-usec or rs- usec variables set to 0, transmit interrupts could not be set lower than the default of 8 buffered tx frames. Consequently, a delay of TCP transfer occurred. The restriction of a minimum of 8 buffered frames has been removed, and the TCP delay no longer occurs. - The offb driver has been updated for the QEMU standard VGA adapter, fixing an incorrect displaying of colors issue. - Under certain circumstances, when a discovered MTU expired, the IPv6 connection became unavailable for a short period of time. This bug has been fixed, and the connection now works as expected. - A low throughput occurred when using the dm-thin driver to write to unprovisioned or shared chunks for a thin pool with the chunk size bigger than the max_sectors_kb variable. - Large write workloads on thin LVs could cause the iozone and smallfile utilities to terminate unexpectedly.
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 80099
    published 2014-12-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80099
    title Scientific Linux Security Update : kernel on SL6.x i386/x86_64
  • NASL family OracleVM Local Security Checks
    NASL id ORACLEVM_OVMSA-2015-0040.NASL
    description The remote OracleVM system is missing necessary patches to address critical security updates : please see Oracle VM Security Advisory OVMSA-2015-0040 for details.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 82691
    published 2015-04-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82691
    title OracleVM 3.3 : kernel-uek (OVMSA-2015-0040)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2015-0290.NASL
    description The remote Oracle Linux host is missing a security update for one or more kernel-related packages.
    last seen 2019-02-21
    modified 2018-09-17
    plugin id 81800
    published 2015-03-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=81800
    title Oracle Linux 7 : kernel (ELSA-2015-0290)
redhat via4
advisories
  • rhsa
    id RHSA-2014:1318
  • rhsa
    id RHSA-2015:0102
  • rhsa
    id RHSA-2015:0695
  • rhsa
    id RHSA-2015:0782
  • rhsa
    id RHSA-2015:0803
rpms
  • kernel-0:2.6.32-504.3.3.el6
  • kernel-abi-whitelists-0:2.6.32-504.3.3.el6
  • kernel-bootwrapper-0:2.6.32-504.3.3.el6
  • kernel-debug-0:2.6.32-504.3.3.el6
  • kernel-debug-devel-0:2.6.32-504.3.3.el6
  • kernel-devel-0:2.6.32-504.3.3.el6
  • kernel-doc-0:2.6.32-504.3.3.el6
  • kernel-firmware-0:2.6.32-504.3.3.el6
  • kernel-headers-0:2.6.32-504.3.3.el6
  • kernel-kdump-0:2.6.32-504.3.3.el6
  • kernel-kdump-devel-0:2.6.32-504.3.3.el6
  • perf-0:2.6.32-504.3.3.el6
  • python-perf-0:2.6.32-504.3.3.el6
  • kernel-0:3.10.0-123.20.1.el7
  • kernel-abi-whitelists-0:3.10.0-123.20.1.el7
  • kernel-bootwrapper-0:3.10.0-123.20.1.el7
  • kernel-debug-0:3.10.0-123.20.1.el7
  • kernel-debug-devel-0:3.10.0-123.20.1.el7
  • kernel-devel-0:3.10.0-123.20.1.el7
  • kernel-doc-0:3.10.0-123.20.1.el7
  • kernel-headers-0:3.10.0-123.20.1.el7
  • kernel-kdump-0:3.10.0-123.20.1.el7
  • kernel-kdump-devel-0:3.10.0-123.20.1.el7
  • kernel-tools-0:3.10.0-123.20.1.el7
  • kernel-tools-libs-0:3.10.0-123.20.1.el7
  • kernel-tools-libs-devel-0:3.10.0-123.20.1.el7
  • perf-0:3.10.0-123.20.1.el7
  • python-perf-0:3.10.0-123.20.1.el7
refmap via4
bid 69396
confirm
hp
  • HPSBGN03282
  • HPSBGN03285
misc https://code.google.com/p/google-security-research/issues/detail?id=88
mlist
  • [oss-security] 20140826 CVE Request: Linux Kernel unbound recursion in ISOFS
  • [oss-security] 20140827 Re: CVE Request: Linux Kernel unbound recursion in ISOFS
suse
  • SUSE-SU-2014:1316
  • SUSE-SU-2014:1319
  • SUSE-SU-2015:0481
  • SUSE-SU-2015:0812
  • openSUSE-SU-2015:0566
ubuntu
  • USN-2354-1
  • USN-2355-1
  • USN-2356-1
  • USN-2357-1
  • USN-2358-1
  • USN-2359-1
xf linux-kernel-isofs-bo(95481)
Last major update 06-01-2017 - 22:00
Published 31-08-2014 - 21:55
Last modified 07-09-2017 - 21:29
Back to Top