Scientific Linux Security Update : kernel on SL6.x i386/x86_64

This script is Copyright (C) 2012 Tenable Network Security, Inc.


Synopsis :

The remote Scientific Linux host is missing one or more security
updates.

Description :

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security fix :

- Using the SG_IO IOCTL to issue SCSI requests to
partitions or LVM volumes resulted in the requests being
passed to the underlying block device. If a privileged
user only had access to a single partition or LVM
volume, they could use this flaw to bypass those
restrictions and gain read and write access (and be able
to issue other SCSI commands) to the entire block
device.

In KVM (Kernel-based Virtual Machine) environments using raw format
virtio disks backed by a partition or LVM volume, a privileged guest
user could bypass intended restrictions and issue read and write
requests (and other SCSI commands) on the host, and possibly access
the data of other guests that reside on the same underlying block
device. Partition-based and LVM-based storage pools are not used by
default. (CVE-2011-4127, Important)

Bug fixes :

- Previously, idle load balancer kick requests from other
CPUs could be serviced without first receiving an
inter-processor interrupt (IPI). This could have led to
a deadlock.

- This update fixes a performance regression that may have
caused processes (including KVM guests) to hang for a
number of seconds.

- When md_raid1_unplug_device() was called while holding a
spinlock, under certain device failure conditions, it
was possible for the lock to be requested again, deeper
in the call chain, causing a deadlock. Now,
md_raid1_unplug_device() is no longer called while
holding a spinlock.

- In hpet_next_event(), an interrupt could have occurred
between the read and write of the HPET (High Performance
Event Timer) and the value of HPET_COUNTER was then
beyond that being written to the comparator
(HPET_Tn_CMP). Consequently, the timers were overdue for
up to several minutes. Now, a comparison is performed
between the value of the counter and the comparator in
the HPET code. If the counter is beyond the comparator,
the '-ETIME' error code is returned.

- Index allocation in the virtio-blk module was based on a
monotonically increasing variable 'index'. Consequently,
released indexes were not reused and after a period of
time, no new were available. Now, virtio-blk uses the
ida API to allocate indexes.

- A bug related to Context Caching existed in the Intel
IOMMU support module. On some newer Intel systems, the
Context Cache mode has changed from previous hardware
versions, potentially exposing a Context coherency race.
The bug was exposed when performing a series of hot plug
and unplug operations of a Virtual Function network
device which was immediately configured into the network
stack, i.e., successfully performed dynamic host
configuration protocol (DHCP). When the coherency race
occurred, the assigned device would not work properly in
the guest virtual machine. With this update, the Context
coherency is corrected and the race and potentially
resulting device assignment failure no longer occurs.

- The align_va_addr kernel parameter was ignored if
secondary CPUs were initialized. This happened because
the parameter settings were overridden during the
initialization of secondary CPUs. Also, the
align_va_addr parameter documentation contained
incorrect parameter arguments. With this update, the
underlying code has been modified to prevent the
overriding and the documentation has been updated.

- Dell systems based on a future Intel processor with
graphics acceleration required the selection of the
install system with basic video driver installation
option. This update removes this requirement.

See also :

http://www.nessus.org/u?37025e11

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.6
(CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P)

Family: Scientific Linux Local Security Checks

Nessus Plugin ID: 61212 ()

Bugtraq ID:

CVE ID: CVE-2011-4127