[Ksplice-Fedora-20-updates] New updates available via Ksplice (FEDORA-2014-7313)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Jun 18 00:39:35 PDT 2014


Synopsis: FEDORA-2014-7313 can now be patched using Ksplice

Systems running Fedora 20 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-7313.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 20 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
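
Added example (not part of the Oracle advisory): a small shell check that
reads the "autoinstall" setting described above and reports whether a host
still needs the manual upgrade command. It assumes uptrack.conf is an
INI-style file of "key = value" lines with "#" comments, and it counts only a
literal "yes" as enabled so that anything ambiguous is flagged for manual
action. The function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Oracle's code. Assumption: uptrack.conf holds
# INI-style "key = value" lines and uses '#' for comments.

# uptrack_autoinstall [FILE]
# Prints "yes" only if the last uncommented autoinstall line is exactly
# "yes"; prints "no" otherwise. Returns 2 (no output) if FILE is unreadable.
uptrack_autoinstall() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || return 2
    # Commented-out lines do not match because the key must start the line.
    val=$(sed -n \
        's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*$/\1/p' \
        "$conf" | tail -n 1)
    if [ "$val" = "yes" ]; then
        echo yes
    else
        echo no   # missing, "no", or unexpected value: treat as not enabled
    fi
}

# next_step [FILE]
# Prints the action this host needs in order to receive the update.
next_step() {
    case $(uptrack_autoinstall "$1") in
        yes) echo "none: updates install automatically" ;;
        no)  echo "run: /usr/sbin/uptrack-upgrade -y" ;;
        *)   echo "unknown: cannot read config" ;;
    esac
}

# demo: dry run against a constructed sample config (not from a real host).
demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '[Settings]' '# autoinstall = yes' 'autoinstall = no' > "$tmp"
    next_step "$tmp"
    rm -f "$tmp"
}
```

Calling next_step with no argument checks /etc/uptrack/uptrack.conf on the
local host.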


DESCRIPTION

* Invalid memory access in dynamic debug entry listing.

Modules may attempt to register dynamic debug entries even when they have
no valid entries. This may cause an invalid memory dereference when listing
dynamic debug entries.


* Memory leak in CPU deadline scheduler when releasing scheduler domain.

A missing de-allocation routine when releasing a scheduler domain with the
deadline scheduler can lead to a memory leak. A local, privileged user
could use this flaw to exhaust the memory on the system and cause a
denial-of-service.


* Memory corruption in CPU frequency driver when accessing the current policy.

A lack of locking when accessing the current policy in the CPU frequency
driver could lead to data corruption and a kernel panic. A local,
privileged user could use this flaw to cause a denial-of-service.


* Memory corruption in deadline scheduler when the timer thread is moved across CPUs.

A race condition in the timer thread of the deadline scheduler could lead
to memory corruption if the task affinity changes while it is running. A
local, privileged user could use this flaw to cause a kernel panic and
denial-of-service.


* NULL pointer dereference in Radeon graphics drivers.

The Radeon graphics driver fails to verify that VM command submission is
available, which can lead to a kernel crash. A local, privileged user could
use this flaw to cause a denial-of-service.


* Information leak in Intel i915 graphics driver when copying execbuffer.

When copying an execbuffer to userspace, the Intel i915 graphics driver
also exports an internal structure that needs to be hidden from userspace.


* Data corruption in multiple devices driver (MD) when reshaping a read-only device.

A logic error in the MD driver could lead to data corruption when reshaping
a read-only device. A local, privileged user could use this flaw to cause a
denial-of-service.


* Use-after-free in USB host xHCI driver when releasing the device.

Incorrect ordering of de-allocation routines when releasing an xHCI device
could lead to a use-after-free and kernel panic. A local, privileged user
could use this flaw to cause a denial-of-service.


* Use-after-free in memory management subsystem when releasing a VMA.

Incorrect ordering of de-allocation routines when releasing a VMA could
lead to a use-after-free and kernel panic. A local, unprivileged user could
use this flaw to cause a denial-of-service.


* Memory leak in Infiniband SCSI driver when SCSI WRITE command fails.

A missing reference put in the Infiniband SCSI driver when a SCSI WRITE
command with ImmediateData=Yes fails causes a memory leak. An attacker
could use this flaw to exhaust the memory on the system and cause a
denial-of-service.


* NULL pointer dereference in Target Core Mod when reading from sysfs.

A missing check to verify that the backend device has been configured leads
to a NULL pointer dereference when writing to the sysfs file
alua_access_state. A local, privileged user could use this flaw to cause a
denial-of-service.


* Multiple use-after-free in netfilter for IPv6 and Netlink sockets.

Incorrect ordering of de-allocation routines in the netfilter
ip6_route_me_harder() and nfnetlink_rcv_batch() error paths leads to a
use-after-free and kernel panic. An attacker could use these flaws to cause
a denial-of-service.


* NULL pointer dereference when remounting NFS filesystem mounted over IPv6.

A missing initialization of the networking namespace field of the
nfs_parsed_mount_data structure leads to a NULL pointer dereference and
kernel panic when remounting an NFS filesystem mounted over IPv6. A local,
privileged user could use this flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


