http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=371528caec553785c37f73fa3926ea0de84f986f

FEDORA-2012-3712

SUSE-SU-2012:0554

48898

48964

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.10

[oss-security] 20120307 Re: CVE request -- kernel: mm: memcg: unregistring of events attached to the same eventfd can lead to oops

https://bugzilla.redhat.com/show_bug.cgi?id=800813

kernel-memcg-dos(73711)

https://github.com/torvalds/linux/commit/371528caec553785c37f73fa3926ea0de84f986f

The openSUSE 11.4 kernel was updated to fix various bugs and security issues.

This is the final update of the 2.6.37 kernel of openSUSE 11.4.

This kernel update of the openSUSE 12.1 kernel fixes lots of bugs and security issues.

Following issues were fixed :

  - tcp: drop SYN+FIN messages (bnc#765102).

  - net: sock: validate data_len before allocating skb in     sock_alloc_send_pskb() (bnc#765320, CVE-2012-2136).

  - fcaps: clear the same personality flags as suid when     fcaps are used (bnc#758260 CVE-2012-2123).

  - macvtap: zerocopy: validate vectors before building skb     (bnc#758243 CVE-2012-2119).

  - hfsplus: Fix potential buffer overflows (bnc#760902     CVE-2009-4020).

  - xfrm: take net hdr len into account for esp payload size     calculation (bnc#759545).

  - ext4: fix undefined behavior in ext4_fill_flex_info()     (bnc#757278).

  - igb: fix rtnl race in PM resume path (bnc#748859).

  - ixgbe: add missing rtnl_lock in PM resume path     (bnc#748859).

  - b43: allocate receive buffers big enough for max frame     len + offset (bnc#717749).

  - xenbus: Reject replies with payload >     XENSTORE_PAYLOAD_MAX.

  - xenbus_dev: add missing error checks to watch handling.

  - hwmon: (coretemp-xen) Fix TjMax detection for older     CPUs.

  - hwmon: (coretemp-xen) Relax target temperature range     check.

  - Refresh other Xen patches.

  - tlan: add cast needed for proper 64 bit operation     (bnc#756840).

  - dl2k: Tighten ioctl permissions (bnc#758813).

  - [media] cx22702: Fix signal strength.

  - fs: cachefiles: Add support for large files in     filesystem caching (bnc#747038).

  - bridge: correct IPv6 checksum after pull (bnc#738644).

  - bridge: fix a possible use after free (bnc#738644).

  - bridge: Pseudo-header required for the checksum of     ICMPv6 (bnc#738644).

  - bridge: mcast snooping, fix length check of snooped     MLDv1/2 (bnc#738644).

  - PCI/ACPI: Report ASPM support to BIOS if not disabled     from command line (bnc#714455).

  - ipc/sem.c: fix race with concurrent semtimedop()     timeouts and IPC_RMID (bnc#756203).

  - drm/i915/crt: Remove 0xa0 probe for VGA.

  - tty_audit: fix tty_audit_add_data live lock on audit     disabled (bnc#721366).

  - drm/i915: suspend fbdev device around suspend/hibernate     (bnc#732908).

  - dlm: Do not allocate a fd for peeloff (bnc#729247).

  - sctp: Export sctp_do_peeloff (bnc#729247).

  - i2c-algo-bit: Fix spurious SCL timeouts under heavy     load.

  - patches.fixes/epoll-dont-limit-non-nested.patch: Don't     limit non-nested epoll paths (bnc#676204).

  - Update patches.suse/sd_init.mark_majors_busy.patch     (bnc#744658).

  - igb: Fix for Alt MAC Address feature on 82580 and later     devices (bnc#746980).

  - mark busy sd majors as allocated (bug#744658).

  - regset: Return -EFAULT, not -EIO, on host-side memory     fault (bnc# 750079 CVE-2012-1097).

  - regset: Prevent NULL pointer reference on readonly     regsets (bnc#750079 CVE-2012-1097).

  - mm: memcg: Correct unregistring of events attached to     the same eventfd (CVE-2012-1146 bnc#750959).

  - befs: Validate length of long symbolic links     (CVE-2011-2928 bnc#713430).

  - si4713-i2c: avoid potential buffer overflow on si4713     (CVE-2011-2700 bnc#707332).

  - staging: comedi: fix infoleak to userspace     (CVE-2011-2909 bnc#711941).

  - hfs: add sanity check for file name length     (CVE-2011-4330 bnc#731673).

  - cifs: fix dentry refcount leak when opening a FIFO on     lookup (CVE-2012-1090 bnc#749569).

  - drm: integer overflow in drm_mode_dirtyfb_ioctl()     (CVE-2012-0044 bnc#740745).

  - xfs: fix acl count validation in xfs_acl_from_disk()     (CVE-2012-0038 bnc#740703).

  - xfs: validate acl count (CVE-2012-0038 bnc#740703).

  -     patches.fixes/xfs-fix-possible-memory-corruption-in-xfs_     readlink: Work around missing xfs_alert().

  - xfs: Fix missing xfs_iunlock() on error recovery path in     xfs_readlink() (CVE-2011-4077 bnc#726600).

  - xfs: Fix possible memory corruption in xfs_readlink     (CVE-2011-4077 bnc#726600).

  - ext4: make ext4_split_extent() handle error correctly.

  - ext4: ext4_ext_convert_to_initialized bug found in     extended FSX testing.

  - ext4: add ext4_split_extent_at() and     ext4_split_extent().

  - ext4: reimplement convert and split_unwritten     (CVE-2011-3638 bnc#726045).

  - patches.fixes/epoll-limit-paths.patch: epoll: limit     paths (bnc#676204 CVE-2011-1083).

  - patches.kabi/epoll-kabi-fix.patch: epoll: hide kabi     change in struct file (bnc#676204 CVE-2011-1083).

  - NAT/FTP: Fix broken conntrack (bnc#681639 bnc#466279     bnc#747660).

  - igmp: Avoid zero delay when receiving odd mixture of     IGMP queries (bnc#740448 CVE-2012-0207).

  - jbd2: clear BH_Delay & BH_Unwritten in     journal_unmap_buffer (bnc#745832 CVE-2011-4086).

  - AppArmor: fix oops in apparmor_setprocattr (bnc#717209     CVE-2011-3619).

  - Refresh patches.suse/SoN-22-netvm.patch. Clean and
    *working* patches.

  - Refresh patches.suse/SoN-22-netvm.patch. (bnc#683671)     Fix an rcu locking imbalance in the receive path     triggered when using vlans.

  - Fix mangled patch (invalid date) Although accepted by     `patch`, this is rejected by `git apply`

  - Fix mangled diff lines (leading space tab vs tab)     Although accepted by `patch`, these are rejected by `git     apply`

  - jbd/jbd2: validate sb->s_first in     journal_get_superblock() (bnc#730118).

  - fsnotify: don't BUG in fsnotify_destroy_mark()     (bnc#689860).

  - Fix     patches.fixes/x25-Handle-undersized-fragmented-skbs.patc     h (CVE-2010-3873 bnc#651219).

  - Fix     patches.fixes/x25-Prevent-skb-overreads-when-checking-ca     ll-user-da.patch (CVE-2010-3873 bnc#651219).

  - Fix     patches.fixes/x25-Validate-incoming-call-user-data-lengt     hs.patch (CVE-2010-3873 bnc#651219).

  - Fix     patches.fixes/x25-possible-skb-leak-on-bad-facilities.pa     tch (CVE-2010-3873 bnc#651219 CVE-2010-4164 bnc#653260).

  - Update     patches.fixes/econet-4-byte-infoleak-to-the-network.patc     h (bnc#681186 CVE-2011-1173). Fix reference.

  - hwmon: (w83627ehf) Properly report thermal diode     sensors.

  - nl80211: fix overflow in ssid_len (bnc#703410     CVE-2011-2517).

  - nl80211: fix check for valid SSID size in scan     operations (bnc#703410 CVE-2011-2517).

  - x25: Prevent skb overreads when checking call user data     (CVE-2010-3873 bnc#737624).

  - x25: Handle undersized/fragmented skbs (CVE-2010-3873     bnc#737624).

  - x25: Validate incoming call user data lengths     (CVE-2010-3873 bnc#737624).

  - x25: possible skb leak on bad facilities (CVE-2010-3873     bnc#737624).

  - net: Add a flow_cache_flush_deferred function     (bnc#737624).

  - xfrm: avoid possible oopse in xfrm_alloc_dst     (bnc#737624).

  - scm: lower SCM_MAX_FD (bnc#655696 CVE-2010-4249).

This kernel update fixes various bugs and security issues.

For bugfixes,

  - a lot of BTRFS bugs were fixed

  - a performance issue with transparent huge pages was     fixed which could have caused huge slowdowns when doing     I/O over e.g. USB sticks.

A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-4086)

A flaw was discovered in the Linux kernel's cifs file system. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1090)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

A flaw was discovered in the Linux kernel's cgroups subset. A local attacker could use this flaw to crash the system. (CVE-2012-1146)

A flaw was found in the Linux kernel's ext4 file system when mounting a corrupt filesystem. A user-assisted remote attacker could exploit this flaw to cause a denial of service. (CVE-2012-2100)

A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-4086)

Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. (CVE-2011-4347)

Stephan Barwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service.
(CVE-2012-0045)

A flaw was discovered in the Linux kernel's cifs file system. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1090)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

A flaw was discovered in the Linux kernel's cgroups subset. A local attacker could use this flaw to crash the system. (CVE-2012-1146)

A flaw was found in the Linux kernel's ext4 file system when mounting a corrupt filesystem. A user-assisted remote attacker could exploit this flaw to cause a denial of service. (CVE-2012-2100)

Tetsuo Handa reported a flaw in the OOM (out of memory) killer of the Linux kernel. A local unprivileged user can exploit this flaw to cause system unstability and denial of services. (CVE-2012-4398).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A flaw was found in the Linux's kernels ext4 file system when mounted with a journal. A local, unprivileged user could exploit this flaw to cause a denial of service. (CVE-2011-4086)

Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. (CVE-2011-4347)

Stephan Barwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service.
(CVE-2012-0045)

A flaw was discovered in the Linux kernel's cifs file system. An unprivileged local user could exploit this flaw to crash the system leading to a denial of service. (CVE-2012-1090)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

A flaw was discovered in the Linux kernel's cgroups subset. A local attacker could use this flaw to crash the system. (CVE-2012-1146)

A flaw was found in the Linux kernel's handling of paged memory. A local unprivileged user, or a privileged user within a KVM guest, could exploit this flaw to crash the system. (CVE-2012-1179)

Tetsuo Handa reported a flaw in the OOM (out of memory) killer of the Linux kernel. A local unprivileged user can exploit this flaw to cause system unstability and denial of services. (CVE-2012-4398).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 11 SP2 kernel has been updated to 3.0.26, which fixes a lot of bugs and security issues.

The following security issues have been fixed :

  - A locking problem in transparent hugepage support could     be used by local attackers to potentially crash the     host, or via kvm a privileged guest user could crash the     kvm host system. (CVE-2012-1179)

  - A potential hypervisor escape by issuing SG_IO commands     to partitiondevices was fixed by restricting access to     these commands. (CVE-2011-4127)

  - A local attacker could oops the kernel using memory     control groups and eventfds. (CVE-2012-1146)

  - Limit the path length users can build using epoll() to     avoid local attackers consuming lots of kernel CPU time.
    (CVE-2011-1083)

  - The regset common infrastructure assumed that regsets     would always have .get and .set methods, but necessarily     .active methods. Unfortunately people have since written     regsets without .set method, so NULL pointer dereference     attacks were possible. (CVE-2012-1097)

  - Access to the /proc/pid/taskstats file requires root     access to avoid side channel (timing keypresses etc.)     attacks on other users. (CVE-2011-2494)

  - Fixed a oops in jbd/jbd2 that could be caused by     specific filesystem access patterns. (CVE-2011-4086)

  - A malicious NFSv4 server could have caused a oops in the     nfsv4 acl handling. (CVE-2011-4131)

  - Fixed a oops in jbd/jbd2 that could be caused by     mounting a malicious prepared filesystem. (Also included     are all fixes from the 3.0.14 -> 3.0.25 stable kernel     updates.). (CVE-2011-4132)

The following non-security issues have been fixed :

EFI :

  - efivars: add missing parameter to efi_pstore_read().
    BTRFS :

  - add a few error cleanups.

  - btrfs: handle errors when excluding super extents     (FATE#306586 bnc#751015).

  - btrfs: Fix missing goto in btrfs_ioctl_clone.

  - btrfs: Fixed mishandled -EAGAIN error case from     btrfs_split_item. (bnc#750459)

  - btrfs: disallow unequal data/metadata blocksize for     mixed block groups (FATE#306586).

  - btrfs: enhance superblock sanity checks (FATE#306586     bnc#749651).

  - btrfs: update message levels (FATE#306586).

  - btrfs 3.3-rc6 updates :

  - avoid setting ->d_op twice (FATE#306586 bnc#731387).

  - btrfs: fix wrong information of the directory in the     snapshot (FATE#306586).

  - btrfs: fix race in reada (FATE#306586).

  - btrfs: do not add both copies of DUP to reada extent     tree (FATE#306586).

  - btrfs: stop silently switching single chunks to raid0 on     balance (FATE#306586).

  - btrfs: fix locking issues in find_parent_nodes()     (FATE#306586).

  - btrfs: fix casting error in scrub reada code     (FATE#306586).

  - btrfs sync with upstream up to 3.3-rc5 (FATE#306586)

  - btrfs: Sector Size check during Mount

  - btrfs: avoid positive number with ERR_PTR

  - btrfs: return the internal error unchanged if     btrfs_get_extent_fiemap() call failed for     SEEK_DATA/SEEK_HOLE inquiry.

  - btrfs: fix trim 0 bytes after a device delete

  - btrfs: do not check DUP chunks twice

  - btrfs: fix memory leak in load_free_space_cache()

  - btrfs: delalloc for page dirtied out-of-band in fixup     worker

  - btrfs: fix structs where bitfields and spinlock/atomic     share 8B word.

  - btrfs: silence warning in raid array setup.

  - btrfs: honor umask when creating subvol root.

  - btrfs: fix return value check of extent_io_ops.

  - btrfs: fix deadlock on page lock when doing     auto-defragment.

  - btrfs: check return value of lookup_extent_mapping()     correctly.

  - btrfs: skip states when they does not contain bits to     clear.

  - btrfs: kick out redundant stuff in convert_extent_bit.

  - btrfs: fix a bug on overcommit stuff.

  - btrfs: be less strict on finding next node in     clear_extent_bit.

  - btrfs: improve error handling for btrfs_insert_dir_item     callers.

  - btrfs: make sure we update latest_bdev.

  - btrfs: add extra sanity checks on the path names in     btrfs_mksubvol.

  - btrfs: clear the extent uptodate bits during parent     transid failures.

  - btrfs: increase the global block reserve estimates.

  - btrfs: fix compiler warnings on 32 bit systems.

  - Clean up unused code, fix use of error-indicated pointer     in transaction teardown. (bnc#748854)

  - btrfs: fix return value check of extent_io_ops.

  - btrfs: fix deadlock on page lock when doing     auto-defragment.

  - btrfs: check return value of lookup_extent_mapping()     correctly.

  - btrfs: skip states when they does not contain bits to     clear.

  - btrfs: kick out redundant stuff in convert_extent_bit.

  - btrfs: fix a bug on overcommit stuff.

  - btrfs: be less strict on finding next node in     clear_extent_bit.

  - btrfs: do not reserve data with extents locked in     btrfs_fallocate.

  - btrfs: avoid positive number with ERR_PTR.

  - btrfs: return the internal error unchanged if     btrfs_get_extent_fiemap() call failed for     SEEK_DATA/SEEK_HOLE inquiry.

  - btrfs: fix trim 0 bytes after a device delete.

  - btrfs: do not check DUP chunks twice.

  - btrfs: fix memory leak in load_free_space_cache().

  - btrfs: fix permissions of new subvolume. (bnc#746373)

  - btrfs: set ioprio of scrub readahead to idle.

  - fix logic in condition in     BTRFS_FEATURE_INCOMPAT_MIXED_GROUPS

  - fix incorrect exclusion of superblock from blockgroups.
    (bnc#751743)

  -     patches.suse/btrfs-8059-handle-errors-when-excluding-sup     er-extents.patch: fix incorrect default value.

  - fix aio/dio bio refcounting bnc#718918.

  - btrfs: fix locking issues in find_parent_nodes()

  - Btrfs: fix casting error in scrub reada code

  -     patches.suse/btrfs-8059-handle-errors-when-excluding-sup     er-extents.patch: Fix uninitialized variable.

  - btrfs: handle errors from read_tree_block. (bnc#748632)

  - btrfs: push-up errors from btrfs_num_copies.
    (bnc#748632)

  -     patches.suse/btrfs-8059-handle-errors-when-excluding-sup     er-extents.patch: disable due to potential corruptions     (bnc#751743) XFS :

  - XFS read/write calls do not generate DMAPI events.
    (bnc#751885)

  - xfs/dmapi: Remove cached vfsmount. (bnc#749417)

  - xfs: Fix oops on IO error during     xlog_recover_process_iunlinks() (bnc#716850). NFS :

  - nfs: Do not allow multiple mounts on same mountpoint     when using -o noac. (bnc#745422)

  - lockd: fix arg parsing for grace_period and timeout     (bnc#733761). MD :

  - raid10: Disable recovery when recovery cannot proceed.
    (bnc#751171)

  - md/bitmap: ensure to load bitmap when creating via     sysfs.

  - md: do not set md arrays to readonly on shutdown.
    (bnc#740180, bnc#713148, bnc#734900)

  - md: allow last device to be forcibly removed from     RAID1/RAID10. (bnc#746717)

  - md: allow re-add to failed arrays. (bnc#746717)

  - md: Correctly handle read failure from last working     device in RAID10. (bnc#746717)

  -     patches.suse/0003-md-raid1-add-failfast-handling-for-wri     tes.patch: Refresh to not crash when handling write     error on FailFast devices. bnc#747159

  - md/raid10: Fix kernel oops during drive failure.
    (bnc#750995)

  - patches.suse/md-re-add-to-failed: Update references.
    (bnc#746717)

  - md/raid10: handle merge_bvec_fn in member devices.

  - md/raid10 - support resizing some RAID10 arrays. Hyper-V :

  - update hyperv drivers to 3.3-rc7 and move them out of     staging: hv_timesource -> merged into core kernel     hv_vmbus -> drivers/hv/hv_vmbus hv_utils ->     drivers/hv/hv_utils hv_storvsc ->     drivers/scsi/hv_storvsc hv_netvsc ->     drivers/net/hyperv/hv_netvsc hv_mousevsc ->     drivers/hid/hid-hyperv add compat modalias for     hv_mousevsc update supported.conf rename all 333     patches, use msft-hv- and suse-hv- as prefix

  - net/hyperv: Use netif_tx_disable() instead of     netif_stop_queue() when necessary.

  - net/hyperv: rx_bytes should account the ether header     size.

  - net/hyperv: fix the issue that large packets be dropped     under bridge.

  - net/hyperv: Fix the page buffer when an RNDIS message     goes beyond page boundary.

  - net/hyperv: fix erroneous NETDEV_TX_BUSY use. SCSI :

  - sd: mark busy sd majors as allocated (bug#744658).

  - st: expand tape driver ability to write immediate     filemarks. (bnc#688996)

  - scsi scan: do not fail scans when host is in recovery     (bnc#747867). S/390 :

  - dasd: Implement block timeout handling. (bnc#746717)

  - callhome: fix broken proc interface and activate compid     (bnc#748862,LTC#79115).

  - ctcmpc: use correct idal word list for ctcmpc     (bnc#750173,LTC#79264).

  - Fix recovery in case of concurrent asynchronous     deliveries (bnc#748629,LTC#78309).

  - kernel: 3215 console deadlock (bnc#748629,LTC#78612).

  - qeth: synchronize discipline module loading     (bnc#748629,LTC#78788).

  - memory hotplug: prevent memory zone interleave     (bnc#748629,LTC#79113).

  - dasd: fix fixpoint divide exception in define_extent     (bnc#748629,LTC#79125).

  - kernel: incorrect kernel message tags     (bnc#744795,LTC#78356).

  - lcs: lcs offline failure (bnc#752484,LTC#79788).

  - qeth: add missing wake_up call (bnc#752484,LTC#79899).

  - dasd: Terminate inactive cqrs correctly. (bnc#750995)

  - dasd: detailed I/O errors. (bnc#746717)

  - patches.suse/dasd-blk-timeout.patch: Only activate     blk_timeout for failfast requests (bnc#753617). ALSA :

  - ALSA: hda - Set codec to D3 forcibly even if not used.
    (bnc#750426)

  - ALSA: hda - Add Realtek ALC269VC codec support.
    (bnc#748827)

  - ALSA: hda/realtek - Apply the coef-setup only to     ALC269VB. (bnc#748827)

  - ALSA: pcm - Export snd_pcm_lib_default_mmap() helper.
    (bnc#748384,bnc#738597)

  - ALSA: hda - Add snoop option. (bnc#748384,bnc#738597)

  - ALSA: HDA: Add support for new AMD products.
    (bnc#748384,bnc#738597)

  - ALSA: hda - Fix audio playback support on HP Zephyr     system. (bnc#749787)

  - ALSA: hda - Fix mute-LED VREF value for new HP laptops     (bnc#745741). EXT3 :

  - enable     patches.suse/ext3-increase-reservation-window.patch. DRM :

  - drm/i915: Force explicit bpp selection for     intel_dp_link_required. (bnc#749980)

  - drm/i915/dp: Dither down to 6bpc if it makes the mode     fit. (bnc#749980)

  - drm/i915/dp: Read more DPCD registers on connection     probe. (bnc#749980)

  - drm/i915: fixup interlaced bits clearing in PIPECONF on     PCH_SPLIT. (bnc#749980)

  - drm/i915: read full receiver capability field during DP     hot plug. (bnc#749980)

  - drm/intel: Fix initialization if startup happens in     interlaced mode [v2]. (bnc#749980)

  - drm/i915 IVY/SNB fix patches from upstream 3.3-rc5 &amp;
    rc6:
    patches.drivers/drm-i915-Prevent-a-machine-hang-by-check     ing-crtc-act,     patches.drivers/drm-i915-do-not-enable-RC6p-on-Sandy-Bri     dge,     patches.drivers/drm-i915-fix-operator-precedence-when-en     abling-RC6p,     patches.drivers/drm-i915-gen7-Disable-the-RHWO-optimizat     ion-as-it-ca,     patches.drivers/drm-i915-gen7-Implement-an-L3-caching-wo     rkaround,     patches.drivers/drm-i915-gen7-implement-rczunit-workarou     nd,     patches.drivers/drm-i915-gen7-work-around-a-system-hang-     on-IVB

  - drm/i915: Clear the TV sense state bits on cantiga to     make TV detection reliable. (bnc#750041)

  - drm/i915: Do not write DSPSURF for old chips.
    (bnc#747071)

  - drm: Do not delete DPLL Multiplier during DAC init.
    (bnc#728840)

  - drm: Set depth on low mem Radeon cards to 16 instead of     8. (bnc#746883)

  - patches.drivers/drm-i915-set-AUD_CONFIG_N_index-for-DP:
    Refresh. Updated the patch from the upstream.
    (bnc#722560)

  - Add a few missing drm/i915 fixes from upstream 3.2     kernel (bnc#744392) :

  - drm/i915: Sanitize BIOS debugging bits from PIPECONF.
    (bnc#751916)

  - drm/i915: Add lvds_channel module option. (bnc#739837)

  - drm/i915: Check VBIOS value for determining LVDS dual     channel mode, too. (bnc#739837)

  - agp: fix scratch page cleanup. (bnc#738679)

  - drm/i915: suspend fbdev device around suspend/hibernate     (bnc#732908). ACPI :

  - supported.conf: Add acpi_ipmi as supported (bnc#716971).
    MM :

  - cpusets: avoid looping when storing to mems_allowed if     one.

  - cpusets: avoid stall when updating mems_allowed for     mempolicy.

  - cpuset: mm: Reduce large amounts of memory barrier     related slowdown.

  - mm: make swapin readahead skip over holes.

  - mm: allow PF_MEMALLOC from softirq context.

  - mm: Ensure processes do not remain throttled under     memory pressure. (Swap over NFS (fate#304949,     bnc#747944).

  - mm: Allow sparsemem usemap allocations for very large     NUMA nodes. (bnc#749049)

  - backing-dev: fix wakeup timer races with     bdi_unregister(). (bnc#741824)

  - readahead: fix pipeline break caused by block plug.
    (bnc#746454)

  - Fix uninitialised variable warning and obey the     [get|put]_mems_allowed API. CIFS :

  - cifs: fix dentry refcount leak when opening a FIFO on     lookup (CVE-2012-1090 / bnc#749569). USB :

  - xhci: Fix encoding for HS bulk/control NAK rate.
    (bnc#750402)

  - USB: Fix handoff when BIOS disables host PCI device.
    (bnc#747878)

  - USB: Do not fail USB3 probe on missing legacy PCI IRQ.
    (bnc#749543)

  - USB: Adding #define in hub_configure() and hcd.c file.
    (bnc#714604)

  - USB: remove BKL comments. (bnc#714604)

  - xHCI: Adding #define values used for hub descriptor.
    (bnc#714604)

  - xHCI: Kick khubd when USB3 resume really completes.
    (bnc#714604)

  - xhci: Fix oops caused by more USB2 ports than USB3     ports. (bnc#714604)

  - USB/xhci: Enable remote wakeup for USB3 devices.
    (bnc#714604)

  - USB: Suspend functions before putting dev into U3.
    (bnc#714604)

  - USB/xHCI: Enable USB 3.0 hub remote wakeup. (bnc#714604)

  - USB: Refactor hub remote wake handling. (bnc#714604)

  - USB/xHCI: Support device-initiated USB 3.0 resume.
    (bnc#714604)

  - USB: Set wakeup bits for all children hubs. (bnc#714604)

  - USB: Turn on auto-suspend for USB 3.0 hubs. (bnc#714604)

  - USB: Set hub depth after USB3 hub reset. (bnc#749115)

  - xhci: Fix USB 3.0 device restart on resume. (bnc#745867)

  - xhci: Remove scary warnings about transfer issues.
    (bnc#745867)

  - xhci: Remove warnings about MSI and MSI-X capabilities     (bnc#745867). Other :

  - PCI / PCIe: Introduce command line option to disable     ARI. (bnc#742845)

  - PCI: Set device power state to PCI_D0 for device without     native PM support (bnc#752972). X86 :

  - x86/UV: Lower UV rtc clocksource rating. (bnc#748456)

  - x86, mce, therm_throt: Do not report power limit and     package level thermal throttle events in mcelog.
    (bnc#745876)

  - x86: Unlock nmi lock after kdb_ipi call. (bnc#745424)

  - x86, tsc: Fix SMI induced variation in     quick_pit_calibrate(). (bnc#751322) XEN :

  - Update Xen patches to 3.0.22.

  - xenbus_dev: add missing error checks to watch handling.

  - drivers/xen/: use strlcpy() instead of strncpy().

  - xenoprof: backward compatibility for changed     XENOPROF_ESCAPE_CODE.

  - blkfront: properly fail packet requests. (bnc#745929)

  - Refresh other Xen patches. (bnc#732070, bnc#742871)

  - xenbus: do not free other end details too early.

  - blkback: also call blkif_disconnect() when frontend     switched to closed.

  - gnttab: add deferred freeing logic.

  - blkback: failure to write 'feature-barrier' node is     non-fatal. Infiniband :

  - RDMA/cxgb4: Make sure flush CQ entries are collected on     connection close. (bnc#721587)

  - RDMA/cxgb4: Serialize calls to CQs comp_handler.
    (bnc#721587)

  - mlx4_en: Assigning TX irq per ring (bnc#624072).
    Bluetooth :

  - Bluetooth: Add Atheros AR3012 Maryann PID/VID supported     in ath3k. (bnc#732296)

  - Bluetooth: btusb: fix bInterval for high/super speed     isochronous endpoints (bnc#754052). SCTP :

  - dlm: Do not allocate a fd for peeloff. (bnc#729247)

  - sctp: Export sctp_do_peeloff (bnc#729247). Other :

  - qlge: Removing needless prints which are not.
    (bnc#718863)

  - ibft: Fix finding IBFT ACPI table on UEFI. (bnc#746579)

  - proc: Consider NO_HZ when printing idle and iowait     times. (bnc#705551)

  - procfs: do not confuse jiffies with cputime64_t.
    (bnc#705551)

  - procfs: do not overflow get_{idle,iowait}_time for nohz.
    (bnc#705551)

  - bfa: Do not return DID_ABORT on failure. (bnc#745400)

  - epoll: Do not limit non-nested epoll paths. (bnc#676204)

  - Bridge: Always send NETDEV_CHANGEADDR up on br MAC     change. (bnc#752408)

  - hp_accel: Ignore the error from lis3lv02d_poweron() at     resume. (bnc#751903)

  - watchdog: make sure the watchdog thread gets CPU on     loaded system. (bnc#738583)

Sasha Levin discovered a flaw in the permission checking for device assignments requested via the kvm ioctl in the Linux kernel. A local user could use this flaw to crash the system causing a denial of service. (CVE-2011-4347)

Stephan Barwolf discovered a flaw in the KVM (kernel-based virtual machine) subsystem of the Linux kernel. A local unprivileged user can crash use this flaw to crash VMs causing a deny of service.
(CVE-2012-0045)

H. Peter Anvin reported a flaw in the Linux kernel that could crash the system. A local user could exploit this flaw to crash the system.
(CVE-2012-1097)

A flaw was discovered in the Linux kernel's cgroups subset. A local attacker could use this flaw to crash the system. (CVE-2012-1146).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

This USN was released in error and has been removed.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Paolo Bonzini discovered a flaw in Linux's handling of the SG_IO ioctl command. A local user, or user in a VM could exploit this flaw to bypass restrictions and gain read/write access to all data on the affected block device. (CVE-2011-4127)

A flaw was found in the Linux kernel's ext4 file system when mounting a corrupt filesystem. A user-assisted remote attacker could exploit this flaw to cause a denial of service. (CVE-2012-2100).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Update to the 3.2.10 stable release, which contains a number of fixes across the kernel.

Fixes CVE-2012-1146 Fixes CVE-2012-1179

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
74801	openSUSE Security Update : kernel (openSUSE-SU-2012:1439-1)	Nessus	SuSE Local Security Checks	critical
74658	openSUSE Security Update : Kernel (openSUSE-SU-2012:0799-1)	Nessus	SuSE Local Security Checks	critical
74604	openSUSE Security Update : kernel (openSUSE-SU-2012:0540-1)	Nessus	SuSE Local Security Checks	critical
59322	USN-1458-1 : linux-ti-omap4 vulnerabilities	Nessus	Ubuntu Local Security Checks	critical
59034	Ubuntu 10.04 LTS : linux-lts-backport-natty vulnerabilities (USN-1440-1)	Nessus	Ubuntu Local Security Checks	critical
58947	Ubuntu 10.04 LTS : linux-lts-backport-oneiric vulnerabilities (USN-1433-1)	Nessus	Ubuntu Local Security Checks	critical
58946	Ubuntu 11.10 : linux vulnerabilities (USN-1431-1)	Nessus	Ubuntu Local Security Checks	critical
58845	SuSE 11.2 Security Update : Linux kernel (SAT Patch Numbers 6163 / 6164 / 6172)	Nessus	SuSE Local Security Checks	critical
58742	Ubuntu 11.04 : linux vulnerabilities (USN-1422-1)	Nessus	Ubuntu Local Security Checks	critical
58741	Ubuntu 10.04 LTS : linux-lts-backport-maverick vulnerabilities (USN-1421-1)	Nessus	Ubuntu Local Security Checks	critical
58495	Ubuntu 10.10 : linux vulnerabilities (USN-1407-1)	Nessus	Ubuntu Local Security Checks	critical
58494	Ubuntu 11.04 : linux vulnerabilities (USN-1406-1)	Nessus	Ubuntu Local Security Checks	critical
58493	Ubuntu 11.10 : linux vulnerabilities (USN-1405-1)	Nessus	Ubuntu Local Security Checks	critical
58488	Fedora 15 : kernel-2.6.42.12-1.fc15 (2012-3715)	Nessus	Fedora Local Security Checks	critical
58376	Fedora 16 : kernel-3.2.10-3.fc16 (2012-3712)	Nessus	Fedora Local Security Checks	critical

CVE-2012-1146

Description

References

Details

Risk Information

CVSS v2.0

CVSS v3.0

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins