[Ksplice-Fedora-20-updates] New updates available via Ksplice (FEDORA-2014-13045)

Oracle Ksplice ksplice-support_ww at oracle.com
Mon Oct 20 07:23:01 PDT 2014


Synopsis: FEDORA-2014-13045 can now be patched using Ksplice
CVEs: CVE-2014-7970 CVE-2014-7975

Systems running Fedora 20 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2014-13045.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack on Fedora 20 install
these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y


DESCRIPTION

* Use-after-free in perf subsystem on fork error path.

A flaw in the perf subsystem could lead to releasing a perf event on fork
failure while it is still in use, leading to a use-after-free and kernel
panic. A local attacker could use this flaw to cause a denial-of-service.


* Kernel BUG() in processor clocking control interface driver.

Incorrect locking in the processor clocking control interface driver could
make the kernel sleep while in atomic context, leading to a kernel BUG(). A
local attacker could use this flaw to cause a denial-of-service.


* Buffer overflow in raw packet socket receive function.

Lack of bounds checking when receiving a packet in the raw packet driver
could lead to a buffer overflow and overwrite of kernel memory. A remote
attacker could use this flaw to cause a denial-of-service or potentially
escalate privileges.


* Kernel BUG() in IPv6 on route metrics commit.

Incorrect flags used to allocate memory when committing route metrics could
make the kernel sleep while in atomic context, causing a kernel BUG() and
denial-of-service.


* Kernel BUG() in openvswitch driver when using multiple VLAN headers.

A flaw in the openvswitch driver on receive of a frame with multiple VLAN
headers leads to a kernel BUG(). A remote attacker could use this flaw to
cause a denial-of-service.


* Divide by zero in bonding driver when enslaving and transmitting.

A flaw in the bonding driver could lead to a division by zero in the kernel
when enslaving a device and transmitting in round-robin or XOR mode. An
attacker could use this flaw to cause a denial-of-service.


* Memory corruption in macvtap driver on concurrent delete and open.

Incorrect locking in the macvtap driver could lead to a list corruption and
kernel panic when deleting and opening macvtap devices concurrently. A
local, privileged user could use this flaw to cause a denial-of-service.


* Multiple use-after-frees in HyperV network driver when transmitting.

Multiple flaws in the HyperV network driver could lead to a use-after-free
and kernel panic when transmitting. A local user could use these flaws to
cause a denial-of-service.


* NULL pointer dereference in L2TP stack when getting PMTU.

A race condition in the L2TP stack when getting the PMTU over PPP could lead
to a NULL pointer dereference and kernel panic. A local attacker could use
this flaw to cause a denial-of-service.


* Out of bounds memory access in crypto CAAM driver when computing hash.

A flaw in the crypto CAAM driver leads to out of bounds memory access when
computing a hash, potentially leading to a kernel crash. A local attacker
could use this flaw to cause a denial-of-service or potentially escalate
privileges.


* Double-free in base node driver when unregistering a node.

An extra call to kfree() when unregistering a node leads to a double free
and kernel panic. A local user could use this flaw to cause a
denial-of-service.


* Data corruption in GFS2 file system on rename.

A flaw in the GFS2 file system could cause a dirent to be written to an
invalid location when renaming a file, leading to data corruption. An
attacker could use this flaw to cause data loss and potentially a
denial-of-service.


* CVE-2014-7970: Memory corruption when using pivot_root.

A flaw in the pivot_root syscall leads to corruption of the mount tree when
it is called with a directory outside the chroot. A local user could use
this flaw to cause memory corruption and likely a denial-of-service.


* NULL pointer dereference in bcache btree when allocating a memory pool.

The return value of a call to mempool_alloc() with GFP_NOWAIT wasn't
checked, leading to a NULL pointer dereference and denial-of-service.


* CVE-2014-7975: Denial-of-service in do_umount.

A missing capability check in do_umount allows unprivileged local users to
remount the root file system read-only, causing a denial-of-service (loss
of writability).

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.
