[Ksplice-Fedora-19-updates] New updates available via Ksplice (FEDORA-2014-2606)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Feb 24 13:46:34 PST 2014


Synopsis: FEDORA-2014-2606 can now be patched using Ksplice
CVEs: CVE-2013-6885 CVE-2014-0038 CVE-2014-0069 CVE-2014-1874 CVE-2014-2038

Systems running Fedora 19 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-2606.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 19 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
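As an added example (not part of the original advisory or of Ksplice's own tooling), the following POSIX shell script automates the choice described above: it checks whether /etc/uptrack/uptrack.conf enables "autoinstall = yes" and, only if it does not, runs the manual uptrack-upgrade command. The config path, the option name and the upgrade command come from the advisory; the INI-like line layout it parses, the comment characters it skips and the acceptance of "true"/"1" as synonyms for "yes" are assumptions.

```shell
#!/bin/sh
# Added example: decide whether Ksplice Uptrack will apply FEDORA-2014-2606
# on its own (autoinstall = yes) or whether uptrack-upgrade must be run.
# Config path, option name and upgrade command are from the advisory; the
# exact file layout handled here is an assumption.

# Return 0 if the given uptrack.conf enables autoinstall, 1 otherwise.
# Lines starting with '#' or ';' are treated as comments, whitespace around
# '=' is tolerated, the value is compared case-insensitively, and when the
# option appears more than once the last assignment wins.
autoinstall_enabled() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || return 1
    value=$(sed -n \
        -e 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*/\1/p' \
        "$conf" | tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$value" in
        yes|true|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Apply pending Ksplice updates unless autoinstall is going to do it anyway.
# Dry run by default; pass "apply" as the second argument to really upgrade.
ensure_ksplice_updates() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    mode="${2:-dry-run}"
    if autoinstall_enabled "$conf"; then
        echo "autoinstall enabled in $conf: Uptrack installs updates itself"
        return 0
    fi
    echo "autoinstall not enabled in $conf: manual upgrade required"
    if [ "$mode" = "apply" ]; then
        /usr/sbin/uptrack-upgrade -y
    else
        echo "(dry run) would execute: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Usage (must be root to actually apply):
#   ensure_ksplice_updates            # dry run against the real config
#   ensure_ksplice_updates "" apply   # run uptrack-upgrade -y if needed
```

A commented-out "# autoinstall = yes" line is deliberately not treated as enabling autoinstall, since that is the most common way a system ends up silently unpatched.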


DESCRIPTION

* Denial-of-service in HugeTLB subsystem when splitting a huge page.

A race condition in the HugeTLB code could lead to dereferencing a dangling
pointer during a huge page split resulting in a kernel crash and
denial-of-service.


* Use-after-free in EDAC Intel E752X driver.

Incorrect reference counting in the EDAC Intel E752X driver could lead to a
use-after-free and kernel crash. A local, privileged user could use this
flaw to cause a denial-of-service.


* CVE-2014-0038: Privilege escalation in X32 recvmmsg.

Missing pointer validation in the X32 ABI compatible version of the recvmmsg(2)
syscall allows users to write arbitrary data to arbitrary kernel memory. This allows
an unprivileged user to gain kernel code execution.


* Denial-of-service in xHCI drivers when removing driver.

Lack of input validation in the xHCI driver when removing the driver could
lead to a kernel crash. A local, privileged user could use this flaw to
cause a denial-of-service.


* Deadlock in b43 WiFi driver when in soft access-point mode.

Incorrect locking in the b43 WiFi driver could lead to a deadlock. A local,
privileged user could use this flaw to cause a denial-of-service.


* NULL pointer dereference in Lustre filesystem under memory pressure.

A logic error in the error code path of the Lustre filesystem driver could
lead to a NULL pointer dereference and kernel crash. A local, privileged
user could use this flaw to cause a denial-of-service.


* Use-after-free in ATMEL serial driver when unloading the driver.

A race condition in the ATMEL driver code upon removal could lead to a
use-after-free and kernel crash. A local, privileged user could use this
flaw to cause a denial-of-service.


* Memory leak in MFD driver on driver removal.

Incorrect initialization of a register map in the MFD driver results in
memory being leaked after driver removal. A local, privileged user could
use this flaw to exhaust the memory on the system and cause a
denial-of-service.


* Memory corruption in ext4 filesystem when truncating small data file.

A missing cast in the ext4 filesystem code could result in memory or data
corruption if truncating an inline file. A local, unprivileged user could
use this flaw to cause a denial-of-service.


* Use-after-free in zram driver when resetting the zram device.

A race condition in the zram code could lead to a use-after-free and kernel
crash. A local, privileged user could use this flaw to cause a
denial-of-service.


* Denial-of-service in USB net driver on DMA transfer.

An incorrect size was used to allocate a scatter-gather list for a DMA
transfer, which could later result in an out-of-bounds memory access and
kernel crash. A local, unprivileged user could use this flaw to cause a
denial-of-service.


* Memory leak in ieee802.15.4 driver error path when adding interface.

Incorrect reference counting in the ieee802.15.4 driver error path results
in a memory leak. A local, privileged user could use this flaw to exhaust
memory on the system and cause a denial-of-service.


* NULL pointer dereference in VIA Rhine driver when resetting the card.

A flaw in the VIA Rhine driver code could result in a NULL pointer
dereference when resetting the ethernet controller. A local, unprivileged
user could potentially use this flaw to cause a denial-of-service.


* NULL pointer dereference in the IPv4 forwarding code for small MTU.

A missing check in the IPv4 forwarding code could result in a NULL pointer
dereference when setting a small MTU on non-IP-capable netdevices. A local,
privileged user could use this flaw to cause a denial-of-service.


* Memory leaks in TCP early demux.

Incorrect reference counting on a socket when using TCP early demux leads
to memory leaks. A local, unprivileged user could use this flaw to cause a
denial-of-service.


* Use-after-free in virtio-scsi driver in suspend path.

A flaw in the virtio-scsi code could result in a use-after-free and kernel
crash in the suspend path.


* Information leak in btrfs code when creating a snapshot.

Due to incorrect privilege checks in the btrfs code, no restriction was
enforced on subvolume snapshots. A local, unprivileged user could use this
flaw to gain access to parts of the filesystem which were otherwise
protected by Unix permissions.


* CVE-2013-6885: Denial-of-service on AMD processors.

Under a highly specific and detailed set of internal timing conditions, a
locked instruction may trigger a timing sequence whereby the write to a
write combined memory type is not flushed, causing the locked instruction
to stall indefinitely. A local, unprivileged user could use this flaw to
cause a denial-of-service.


* Memory leak in SELinux when loading a policy.

A flaw in the error path of the SELinux policy loading code leads to a
memory leak. A local, privileged user could use this flaw to cause a
denial-of-service.


* Denial-of-service in audit subsystem when audit queue overflows.

A logic error in the audit subsystem could result in an infinite loop and
subsequent audit events not being sent. A local, unprivileged user could
use this flaw to cause a denial-of-service of the audit subsystem.


* Denial-of-service in memory control group on removal.

Incorrect locking in the memory control groups subsystem could lead to an
endless loop on control group removal. A local, privileged user could use
this flaw to cause a denial-of-service.


* CVE-2014-2038: Data corruption in NFSv4 on concurrent client writes.

A logic error in the NFSv4 code could lead to data corruption when clients
write concurrently to the same file. An attacker could use this flaw to
cause data corruption on a mounted NFSv4 filesystem.


* Use-after-free in NFSv4 client code when initializing a new client.

A logic error in the NFSv4 client code could lead to a use-after-free and
kernel panic. A local, privileged user could use this flaw to cause a
denial-of-service.


* Denial-of-service in Radeon driver on resume from suspend.

A missing check in the Radeon driver code could lead to a NULL pointer
dereference and kernel oops. A local, privileged user could use this flaw to
cause a denial-of-service.


* Denial-of-service in Direct Rendering Manager on failure path.

A missing initialization in the Direct Rendering code could lead to a NULL
pointer dereference under specific conditions. An attacker could use this
flaw to cause a denial-of-service.


* Denial-of-service in AST, Cirrus and MGAG frame buffer drivers.

A logic error in frame buffer drivers for AST, Cirrus and MGAG could lead
to deadlock.


* Denial-of-service in VMware SVGA2 driver when executing ioctl().

A logic error in the error path of the VMware SVGA2 driver could lead to a
lock imbalance and potentially a memory leak or kernel deadlock. A local,
privileged user could use this flaw to cause a denial-of-service.


* Denial-of-service in MGA G200 driver when managing the cursor.

A missing check in the MGA G200 cursor management code could lead to a NULL
pointer dereference. A local, privileged user could use this flaw to cause
a denial-of-service.


* Use-after-free in ftrace when un-registering a function trace.

A logic error in the ftrace removal code could lead to a race condition
resulting in a use-after-free and kernel crash. A local, privileged user
could use this flaw to cause a denial-of-service.


* Deadlock between high resolution timers and timekeeping subsystem.

Incorrect locking in the time management subsystem could lead to a
deadlock. An attacker could use this flaw to cause a denial-of-service.


* CVE-2014-1874: Denial-of-service in SELinux on empty security context.

Incorrect input validation in the SELinux subsystem could lead to a NULL
pointer dereference. A local, privileged user could use this flaw to cause
a denial-of-service.


* Denial-of-service in Cgroup subsystem when creating a control group.

Incorrect locking in the error path when creating a control group could
lead to memory corruption and kernel panic. A local, privileged user could
use this flaw to cause a denial-of-service.


* Memory corruption in the Pin controller on creation.

Incorrect locking in the Pin controller code could result in a race
condition resulting in memory corruption. A local, privileged user could
use this flaw to cause a denial-of-service.


* CVE-2014-0069: Denial-of-service in CIFS filesystem on uncached writes.

A lack of input validation in the CIFS filesystem code could lead to memory
corruption and kernel crash. A local, unprivileged user could use this flaw
to cause a denial-of-service.


* Denial-of-service in Memory configuration subsystem.

Incorrect locking in the memory configuration subsystem leads to a memory
leak. An attacker could use this flaw to exhaust the memory and potentially
cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
