[Ksplice-Fedora-22-updates] New updates available via Ksplice (FEDORA-2015-15864)

[Oracle Ksplice]

Synopsis: FEDORA-2015-15864 can now be patched using Ksplice

Systems running Fedora 22 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2015-15864.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 22 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Use-after-free in IPC semaphores during task exit.

Due to incorrect locking, two tasks with shared IPC semaphore references
could exit and simultaneously try to free the semaphores. This could lead
to a use-after-free and memory corruption, allowing a malicious local user
to cause denial of service.


* Kernel crash in IPC semaphores when waiting on semaphore array.

A missing memory barrier could allow certain memory accesses to happen
outside the intended critical section. A malicious local user could
potentially use this to cause invalid memory accesses and denial of
service.


* Kernel BUG in Xen front-end block device driver.

A logic error in the Xen front-end block device driver could in certain
circumstances cause a kernel BUG while freeing the block device.


* Double free of AUX buffer in perf ring buffer handling.

Incorrect reference counting in the perf ringer buffer code could lead
to a double free and subsequent memory corruption or kernel panic.


* Kernel warnings during perf event migration.

In certain circumstances, perf could attempt to stop or restart an event
on the wrong CPU. A malicious local user with perf access privileges
could cause warnings to appear in the kernel log.


* Memory leak during ring buffer unmapping in Xenbus HVM backend.

Incorrect cleanup in the Xenbus HVM backend driver when unmapping ring
buffers would leak the memory allocated for the buffers. A local user
with access to creating or destroying HVM domains could use this to
exhaust all the memory in the host kernel and cause denial of service.


* Information leak in UC-Logic tablet driver.

Due to an incorrect calculation, it was possible for the UC-Logic USB HID
tablet driver to return privileged data from the kernel stack. A malicious
device could potentially use this to get access to sensitive data.


* Kernel hang in VMware Virtual GPU DRM driver.

In certain low-memory situations, incorrect locking in the VMware
Virtual GPU driver could cause a kernel hang. A malicious user with
access to the device could use this to cause denial of service.


* Double free in FibreChannel library code.

In certain circumstances, receiving a local port request could cause a
double free and subsequent kernel crash.


* Kernel BUG in FibreChannel library code during SCSI device reset.

Incorrect locking in FibreChannel library code could cause a reschedule
while a spinlock was held, thus potentially causing either a kernel
assertion failure or a deadlock. A malicious local user with access to
the SCSI device could use this to cause denial of service.


* Infinite loop during connection teardown iSCSI library code.

Incorrect locking in the iSCSI library code could cause the kernel to
enter an infinite loop.


* NULL pointer dereference in Intel HDA audio driver.

A missing check in the Intel HDA audio driver code could cause a NULL
pointer dereference and subsequent kernel crash when adding channel
maps.


* Information leak in Plan 9 filesystem.

Reading 0 bytes from an empty file on a Plan 9 filesystem would return
uninitialised data from the kernel stack. A malicious local user could
potentially use this to obtain sensitive information about the kernel.


* Deadlock during command queueing in Cisco FNIC driver.

Incorrect locking in the Cisco FNIC driver could cause a deadlock during
command queueing.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.