[Ksplice-Fedora-20-updates] New updates available via Ksplice (FEDORA-2014-2187)

Oracle Ksplice ksplice-support_ww at oracle.com
Thu Feb 13 09:07:59 PST 2014


Synopsis: FEDORA-2014-2187 can now be patched using Ksplice
CVEs: CVE-2013-6885 CVE-2014-0038

Systems running Fedora 20 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-2187.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 20 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
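
To tell which of the two paths above applies to a host, the following check reads the autoinstall setting. It is an added example, not part of the original announcement or of Oracle's tooling. It assumes uptrack.conf holds INI-style "key = value" lines with "#" comments; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.
# Assumption: uptrack.conf uses INI-style "key = value" lines, "#" for comments.

# uptrack_autoinstall FILE
# Prints "yes" only when the last uncommented autoinstall line is set to yes.
# Anything else (missing key, other value) prints "no", so the host is flagged
# for a manual upgrade rather than silently assumed to be patched.
# Returns 2 if FILE cannot be read.
uptrack_autoinstall() {
    conf=$1
    [ -r "$conf" ] || return 2
    val=$(sed -n 's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' "$conf" \
          | tail -n 1 | tr '[:upper:]' '[:lower:]')
    case "$val" in
        yes) echo yes ;;
        *)   echo no ;;
    esac
}

# uptrack_action FILE
# Prints the step the announcement prescribes for this configuration.
uptrack_action() {
    if [ "$(uptrack_autoinstall "$1")" = yes ]; then
        echo "autoinstall enabled: updates install automatically"
    else
        echo "manual install needed: /usr/sbin/uptrack-upgrade -y"
    fi
}

# Constructed sample config (not taken from a real host): the commented-out
# "yes" must be ignored and the live "no" must win.
demo=$(mktemp)
cat > "$demo" <<'EOF'
[Settings]
# autoinstall = yes
autoinstall = no
EOF
uptrack_action "$demo"
rm -f "$demo"
```

On a real system, call uptrack_action /etc/uptrack/uptrack.conf.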


DESCRIPTION

* Denial-of-service in HugeTLB subsystem when splitting a huge page.

A race condition in the HugeTLB code could lead to dereferencing a dangling
pointer during a huge page split, resulting in a kernel crash and
denial-of-service.


* Use-after-free in EDAC Intel E752X driver.

Incorrect reference counting in the EDAC Intel E752X driver could lead to a
use-after-free and kernel crash. A local, privileged user could use this
flaw to cause a denial-of-service.


* CVE-2014-0038: Privilege escalation in X32 recvmmsg.

Missing pointer validation in the X32 ABI compatible version of the recvmmsg(2)
syscall allows users to write arbitrary data to arbitrary kernel memory. This allows
an unprivileged user to gain kernel code execution.


* Denial-of-service in xHCI drivers when removing driver.

Lack of input validation in the xHCI driver when removing the driver could
lead to a kernel crash. A local, privileged user could use this flaw to
cause a denial-of-service.


* NULL pointer dereference in USB Core driver when removing a hub.

Missing locking in the USB Core driver could lead to a NULL pointer
dereference and kernel oops when unbinding a USB driver. A local,
privileged user could use this flaw to cause a denial-of-service.


* Deadlock in b43 WiFi driver when in soft access-point mode.

Incorrect locking in the b43 WiFi driver could lead to a deadlock. A local,
privileged user could use this flaw to cause a denial-of-service.


* NULL pointer dereference in Lustre filesystem under memory pressure.

A logic error in the error code path of the Lustre filesystem driver could
lead to a NULL pointer dereference and kernel crash. A local, privileged
user could use this flaw to cause a denial-of-service.


* Use-after-free in ATMEL serial driver when unloading the driver.

A race condition in the ATMEL driver code upon removal could lead to a
use-after-free and kernel crash. A local, privileged user could use this
flaw to cause a denial-of-service.


* Memory leak in MFD driver on driver removal.

Incorrect initialization of a register map in the MFD driver results in
memory being leaked after driver removal. A local, privileged user could
use this flaw to exhaust the memory on the system and cause a
denial-of-service.


* Memory corruption in ext4 filesystem when truncating small data file.

A missing cast in the ext4 filesystem code could result in memory or data
corruption if truncating an inline file. A local, unprivileged user could
use this flaw to cause a denial-of-service.


* Data corruption in LVM/Raid btree sorting algorithm.

A flaw in the btree algorithm for LVM/Raid could lead to data corruption
under specific circumstances.


* Use-after-free in zram driver when resetting the zram device.

A race condition in the zram code could lead to a use-after-free and kernel
crash. A local, privileged user could use this flaw to cause a
denial-of-service.


* Denial-of-service in USB net driver on DMA transfer.

An incorrect size was used to allocate a scatter-gather list for a DMA
transfer, which could later result in an out-of-bounds memory access and
kernel crash. A local, unprivileged user could use this flaw to cause a
denial-of-service.


* Memory leak in ieee802.15.4 driver error path when adding interface.

Incorrect reference counting in the ieee802.15.4 driver error path results
in a memory leak. A local, privileged user could use this flaw to exhaust
memory on the system and cause a denial-of-service.


* NULL pointer dereference in VIA Rhine driver when resetting the card.

A flaw in the VIA Rhine driver code could result in a NULL pointer
dereference when resetting the ethernet controller. A local, unprivileged
user could potentially use this flaw to cause a denial-of-service.


* NULL pointer dereference in the IPv4 forwarding code for small MTU.

A missing check in the IPv4 forwarding code could result in a NULL pointer
dereference when setting a small MTU on non-IP capable netdevices. A local,
privileged user could use this flaw to cause a denial-of-service.


* Memory leaks in TCP early demux.

Incorrect reference counting on a socket when using TCP early demux leads
to memory leaks. A local, unprivileged user could use this flaw to cause a
denial-of-service.


* Use-after-free in virtio-scsi driver in suspend path.

A flaw in the virtio-scsi code could result in a use-after-free and kernel
crash in the suspend path.


* Information leak in btrfs code when creating a snapshot.

Due to incorrect privilege checks in the btrfs code, no restriction was
enforced on subvolume snapshots. A local, unprivileged user could use this
flaw to gain access to parts of the filesystem which were otherwise
protected by Unix permissions.


* CVE-2013-6885: Denial-of-service on AMD processors.

Under a highly specific and detailed set of internal timing conditions, a
locked instruction may trigger a timing sequence whereby the write to a
write combined memory type is not flushed, causing the locked instruction
to stall indefinitely. A local, unprivileged user could use this flaw to
cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


