[Ksplice-Fedora-20-updates] New updates available via Ksplice (FEDORA-2014-3655)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Mar 12 06:59:53 PDT 2014


Synopsis: FEDORA-2014-3655 can now be patched using Ksplice

Systems running Fedora 20 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-3655.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 20 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
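
The check described above, whether a host will pick these updates up on
its own or needs the manual command, as an added example that is not part
of the original advisory. The function names and the sample file contents
(including the [Settings] section header) are assumptions; only the
"autoinstall" key and the two paths come from the text above.

```sh
#!/bin/sh
# Added example: report whether Ksplice Uptrack will install updates
# automatically, based on the "autoinstall" setting in uptrack.conf.

# Print the effective autoinstall value: the configured value in lower
# case, "unset" if the key is absent or empty, "unreadable" if the file
# cannot be read. The last uncommented assignment wins.
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 0; }
    awk -F= '
        /^[ \t]*[#;]/ { next }                 # skip full-line comments
        NF >= 2 {
            key = $1; val = $2
            gsub(/[ \t]/, "", key)             # drop whitespace around key
            gsub(/^[ \t]+|[ \t]+$/, "", val)   # trim the value
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Turn the value into the action the advisory asks for.
report_host() {
    case $(autoinstall_value "$1") in
        yes)        echo "autoinstall enabled: no action needed" ;;
        unreadable) echo "cannot read $1: check the Uptrack installation" ;;
        *)          echo "autoinstall not enabled: run /usr/sbin/uptrack-upgrade -y as root" ;;
    esac
}

# Demo on a constructed config file (not taken from a real host).
demo=$(mktemp)
printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$demo"
report_host "$demo"
rm -f "$demo"
```

On a real host, call report_host /etc/uptrack/uptrack.conf instead of the
demo file.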


DESCRIPTION

* Deadlock in ext4 filesystem in swap_inode_boot_loader() error path.

Incorrect locking in the error path of swap_inode_boot_loader() leaves a
mutex unlocked leading to a deadlock. A local, privileged user could use
this flaw to cause a denial-of-service.


* Data corruption in ext4 when resizing with non-standard blocks-per-group number.

A flaw in the ext4 resizing code could lead to data corruption when the
number of blocks per group is not 8.


* Denial-of-service in ext4 when resizing with large inode tables.

A flaw in the ext4 code when resizing a filesystem with a large number of
inodes per block group could lead to a kernel BUG. A local, privileged user
could use this flaw to cause a denial-of-service.


* Use-after-free in JBD2 transaction code.

A flaw in the JBD2 code could lead to a use-after-free and kernel crash. A
local, privileged user could use this flaw to cause a denial-of-service.


* Deadlock in the tg3 ethernet driver when changing the MTU.

Incorrect locking in the tg3 ethernet driver could lead to a deadlock when
changing the MTU. A local, privileged user could use this flaw to cause a
denial-of-service.


* Deadlock in vhost net driver when releasing resources.

A time-of-check, time-of-use race condition in the vhost reference counting
could lead to a deadlock and potentially to a denial-of-service.


* Denial-of-service in net core when allocating sk_buff under memory pressure.

A flaw in the net core subsystem when allocating a sk_buff under memory
pressure could trigger OOM and potentially result in a
denial-of-service.


* Memory leaks in batman-adv driver in various conditions.

Incorrect reference counting in the batman-adv driver in various places
could lead to memory leaks. A local, privileged user could use this flaw to
exhaust the memory on the system and cause a denial-of-service.


* Out of bounds memory read in the routing code of batman-adv driver.

A logic error in the batman-adv driver could lead to an out-of-bounds
memory read, potentially resulting in a kernel crash. A local, privileged
user could use this flaw to cause a denial-of-service.


* Double-free in batman-adv driver on initialization failure.

A logic error in the batman-adv driver could lead to a double-free and
potentially a kernel crash. A local, privileged user could use this flaw to
cause a denial-of-service or potentially escalate privileges.


* Denial-of-service in batman-adv driver on unicast transmission.

A flaw in the batman-adv driver code could lead to a dangling pointer
dereference on unicast transmissions. A local, unprivileged user could use
this flaw to cause a denial-of-service.


* Denial-of-service in cgroup subsystem when creating cgroup files.

A time-of-check, time-of-use race condition could lead to a kernel crash in
the cgroup subsystem. A local, unprivileged user could use this flaw to
cause a denial-of-service.


* Denial-of-service in cgroup subsystem when adding a cgroup to a task.

Incorrect locking in the cgroup subsystem could lead to list corruption
and a kernel crash under specific conditions. A local, unprivileged user
could use this flaw to cause a denial-of-service.


* Deadlock in PCI DMA subsystem when allocating a DMA buffer.

A logic error in the PCI DMA architecture dependent code could lead to a
deadlock.


* Memory leak in ACPI PCI when enabling IRQ.

A flaw in the ACPI PCI IRQ driver could lead to a memory leak. A local,
privileged user could use this flaw to exhaust the memory on the system and
cause a denial-of-service.


* Use-after-free in i7 EDAC driver when iterating PCI devices.

Due to incorrect reference counting in the i7 EDAC driver, a use-after-free
could result in a kernel crash and denial-of-service.


* Use-after-free in workqueue subsystem when destroying a worker.

Incorrect reference counting in the workqueue subsystem could lead to a
use-after-free and kernel crash.


* Use-after-free in Intel MEI driver on send flow control failure.

A flaw in the MEI driver could lead to a use-after-free and kernel crash. A
local, privileged user could use this flaw to cause a denial-of-service.


* Denial-of-service in perf subsystem when hotplugging CPU.

Incorrect locking in the perf subsystem could lead to a use-after-free and
kernel crash when hotplugging a CPU. A local, privileged user could use
this flaw to cause a denial-of-service.


* Deadlock in Arizona haptics input driver.

A flaw in the Arizona haptics input driver leads to a double mutex_lock()
resulting in a deadlock and denial-of-service.


* Denial-of-service in QLogic driver on selective retransmission request.

A missing check in the QLogic driver code results in a NULL pointer
dereference and kernel crash. A remote user could use this flaw to cause a
denial-of-service.


* Deadlock in firmware class driver on suspend path.

A flaw in the firmware class driver results in a deadlock and kernel
hang. A local, privileged user could use this flaw to cause a
denial-of-service.


* Use-after-free in STE DMA driver tasklet.

A flaw in the STE DMA driver results in a use-after-free and potentially
a kernel crash.


* Denial-of-service in Radeon DRM driver when opening mode setting interface.

A flaw in the Radeon DRM driver could lead to a kernel crash on opening the
kernel mode setting interface. A local, privileged user could use this flaw
to cause a denial-of-service.


* Denial-of-service in transparent huge page subsystem under memory pressure.

A flaw in the memory and transparent huge page subsystems could lead to a
kernel hang when handling a page fault under memory pressure. A local,
unprivileged user could use this flaw to cause a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


