[Ksplice-Fedora-22-updates] New updates available via Ksplice (FEDORA-2015-13396)

[Oracle Ksplice]

Synopsis: FEDORA-2015-13396 can now be patched using Ksplice

Systems running Fedora 22 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2015-13396.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 22 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Delayed inode freeing in directory cache.

A bug in the dcache code when using file handles could cause inodes to
remain on disk (taking up space) indefinitely after deletion. A
malicious local user could use this to fill up a filesystem.


* NULL pointer dereference in block layer during block I/O.

Under certain circumstances, trying to submit I/O requests on a block
device using integrity checks could result in a NULL pointer dereference.


* Memory leak in multiqueue support for SCSI block devices.

Under certain circumstances, sending commands with large data transfer
lengths could result in a memory leak. A malicious user could
potentially use this to cause denial of service.


* Infinite loop during unmount.

In rare circumstances where there are unmounted filesystems connected
to a directory which is being deleted, the kernel could enter an
infinite loop. A malicious user with sufficient privileges or the
ability to unmount filesystems could potentially use this to cause
denial of service.


* Domain ID leak in VT-d IOMMU during domain exit.

Due to a missing test during VT-d domain exits, the domain ID is
leaked and never recovered. A malicious user with the ability to
create and destroy domains can exhaust the set of domain IDs and
thus cause denial of service.


* Kernel panic in SDHCI MMC/SD driver when adding host.

Due to a missing check in the MMC host driver, adding an SDHCI host
could cause a NULL pointer dereference or kernel panic.


* Kernel crash when closing serial TTY device.

A race condition in the generic serial TTY device driver could
cause kernel crashes when simultaneously receiving data and closing
the serial device. A malicious user could use this to cause denial
of service.


* Kernel crash in perf when sampling CQM events.

A race condition in the perf CQM event sampling code could cause a
kernel crash if the event was triggered in an interrupt context. A
malicious user could hit the race condition and cause denial of
service.


* Memory leak in NFS client during request coalescing.

Due to incorrect error handling, an error condition could cause some
NFS requests to be lost (and their memory leaked). A malicious user
might under certain circumstances be able to trigger the condition and
exhaust all the available system memory, causing denial of service.


* Page faults during Nouveau framebuffer console initialization.

Incorrect calculation of free ring buffer space during Nouveau
framebuffer console initialization could cause memory accesses
outside the ring buffer and subsequent page faults and kernel crashes.


* Memory corruption in Nouveau GPU driver.

Incorrect locking in the Nouveau GPU driver could cause list corruption,
kernel panics, or video freezes. A malicious local user could use this
to cause denial of service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.