http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8d7f6690cedb83456edd41c9bd583783f0703bf0

http://linux.oracle.com/errata/ELSA-2014-0771.html

59262

59309

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.5

[oss-security] 20140220 Re: CVE Request: Linux kernel: s390: crash due to linkage stack instruction

65700

https://bugzilla.redhat.com/show_bug.cgi?id=1067558

https://github.com/torvalds/linux/commit/8d7f6690cedb83456edd41c9bd583783f0703bf0

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - The kernel package contains the Linux kernel (vmlinuz),     the core of any Linux operating system. The kernel     handles the basic functions of the operating system:
    memory allocation, process allocation, device input and     output, etc.Security Fix(es):The walk_hugetlb_range()     function in 'mm/pagewalk.c' file in the Linux kernel     from v4.0-rc1 through v4.15-rc1 mishandles holes in     hugetlb ranges. This allows local users to obtain     sensitive information from uninitialized kernel memory     via crafted use of the mincore() system     call.(CVE-2017-16994)In the Linux kernel before 4.7,     the amd_gpio_remove function in     drivers/pinctrl/pinctrl-amd.c calls the     pinctrl_unregister function, leading to a double     free.(CVE-2017-18174)In the Linux kernel through     4.20.11, af_alg_release() in crypto/af_alg.c neglects     to set a NULL value for a certain structure member,     which leads to a use-after-free in     sockfs_setattr.(CVE-2019-8912)A security flaw was found     in the Linux kernel that an attempt to move page mapped     by AIO ring buffer to the other node triggers NULL     pointer dereference at trace_writeback_dirty_page(),     because aio_fs_backing_dev_info.dev is     0.(CVE-2016-3070)The NFSv4 implementation in the Linux     kernel through 4.11.1 allows local users to cause a     denial of service (resource consumption) by leveraging     improper channel callback shutdown when unmounting an     NFSv4 filesystem, aka a 'module reference and kernel     daemon' leak.(CVE-2017-9059)When creating audit records     for parameters to executed children processes, an     attacker can convince the Linux kernel audit subsystem     can create corrupt records which may allow an attacker     to misrepresent or evade logging of executing     commands.(CVE-2016-6136)A use-after-free vulnerability     was found in a network namespaces code affecting the     Linux kernel since v4.0-rc1 through v4.15-rc5. The     function get_net_ns_by_id() does not check for the     net::count value after it has found a peer network in     netns_ids idr which could lead to double free and     memory corruption. This vulnerability could allow an     unprivileged local user to induce kernel memory     corruption on the system, leading to a crash. Due to     the nature of the flaw, privilege escalation cannot be     fully ruled out, although it is thought to be     unlikely.(CVE-2017-15129)A NULL pointer dereference     flaw was found in the rds_ib_laddr_check() function in     the Linux kernel's implementation of Reliable Datagram     Sockets (RDS). A local, unprivileged user could use     this flaw to crash the system.(CVE-2013-7339)A flaw was     found in the Linux kernel key management subsystem in     which a local attacker could crash the kernel or     corrupt the stack and additional memory (denial of     service) by supplying a specially crafted RSA key. This     flaw panics the machine during the verification of the     RSA key.(CVE-2016-8650)The uio_mmap_physical function     in drivers/uio/uio.c in the Linux kernel before 3.12     does not validate the size of a memory block, which     allows local users to cause a denial of service (memory     corruption) or possibly gain privileges via crafted     mmap operations, a different vulnerability than     CVE-2013-4511.(CVE-2013-6763)In the Linux kernel before     4.20.5, attackers can trigger a     drivers/char/ipmi/ipmi_msghandler.c use-after-free and     OOPS by arranging for certain simultaneous execution of     the code, as demonstrated by a 'service ipmievd     restart' loop.(CVE-2019-9003)An integer overflow flaw     was found in the way the Linux kernel randomized the     stack for processes on certain 64-bit architecture     systems, such as x86-64, causing the stack entropy to     be reduced by four.(CVE-2015-1593)The     compat_sys_recvmmsg function in net/compat.c in the     Linux kernel before 3.13.2, when CONFIG_X86_X32 is     enabled, allows local users to gain privileges via a     recvmmsg system call with a crafted timeout pointer     parameter.(CVE-2014-0038)The kill_something_info     function in kernel/signal.c in the Linux kernel before     4.13, when an unspecified architecture and compiler is     used, might allow local users to cause a denial of     service via an INT_MIN     argument.(CVE-2018-10124)arch/s390/kernel/head64.S in     the Linux kernel before 3.13.5 on the s390 platform     does not properly handle attempted use of the linkage     stack, which allows local users to cause a denial of     service (system crash) by executing a crafted     instruction.(CVE-2014-2039)A flaw was found in the     Linux kernel in that the aoedisk_debugfs_show()     function in drivers/block/aoe/aoeblk.c allows local     users to obtain some kernel address information by     reading a debugfs file. This address is not useful to     commit a further attack.(CVE-2018-7754)ALSA sequencer     core initializes the event pool on demand by invoking     snd_seq_pool_init() when the first write happens and     the pool is empty. A user can reset the pool size     manually via ioctl concurrently, and this may lead to     UAF or out-of-bound access.(CVE-2018-7566)In the     function wmi_set_ie(), the length validation code does     not handle unsigned integer overflow properly. As a     result, a large value of the 'ie_len' argument can     cause a buffer overflow in all Android releases from     CAF (Android for MSM, Firefox OS for MSM, QRD Android)     using the Linux Kernel.(CVE-2018-5848)The Linux kernel     does not properly initialize memory in messages passed     between virtual guests and the host operating system in     the vhost/vhost.c:vhost_new_msg() function. This can     allow local privileged users to read some kernel memory     contents when reading from the /dev/vhost-net device     file.(CVE-2018-1118)Systems with microprocessors     utilizing speculative execution and speculative     execution of memory reads before the addresses of all     prior memory writes are known may allow unauthorized     disclosure of information to an attacker with local     user access via a side-channel analysis, aka     Speculative Store Bypass (SSB), Variant     4.(CVE-2018-3639)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important)

* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)

* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.

* It was discovered that the proc_ns_follow_link() function did not properly return the LAST_BIND value in the last pathname component as is expected for procfs symbolic links, which could lead to excessive freeing of memory and consequent slab corruption. A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-0203, Moderate)

* A flaw was found in the way the Linux kernel handled exceptions when user-space applications attempted to use the linkage stack. On IBM S/390 systems, a local, unprivileged user could use this flaw to crash the system. (CVE-2014-2039, Moderate)

* An invalid pointer dereference flaw was found in the Marvell 8xxx Libertas WLAN (libertas) driver in the Linux kernel. A local user able to write to a file that is provided by the libertas driver and located on the debug file system (debugfs) could use this flaw to crash the system. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2013-6378, Low)

* A denial of service flaw was discovered in the way the Linux kernel's SELinux implementation handled files with an empty SELinux security context. A local user who has the CAP_MAC_ADMIN capability could use this flaw to crash the system. (CVE-2014-1874, Low)

Red Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738, and Vladimir Davydov of Parallels for reporting CVE-2014-0203. Google acknowledges Pinkie Pie as the original reporter of CVE-2014-3153.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

* A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important)

* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)

* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.

* It was discovered that the proc_ns_follow_link() function did not properly return the LAST_BIND value in the last pathname component as is expected for procfs symbolic links, which could lead to excessive freeing of memory and consequent slab corruption. A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-0203, Moderate)

* A flaw was found in the way the Linux kernel handled exceptions when user-space applications attempted to use the linkage stack. On IBM S/390 systems, a local, unprivileged user could use this flaw to crash the system. (CVE-2014-2039, Moderate)

* An invalid pointer dereference flaw was found in the Marvell 8xxx Libertas WLAN (libertas) driver in the Linux kernel. A local user able to write to a file that is provided by the libertas driver and located on the debug file system (debugfs) could use this flaw to crash the system. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2013-6378, Low)

* A denial of service flaw was discovered in the way the Linux kernel's SELinux implementation handled files with an empty SELinux security context. A local user who has the CAP_MAC_ADMIN capability could use this flaw to crash the system. (CVE-2014-1874, Low)

The system must be rebooted for this update to take effect.

From Red Hat Security Advisory 2014:0771 :

Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important)

* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)

* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.

* It was discovered that the proc_ns_follow_link() function did not properly return the LAST_BIND value in the last pathname component as is expected for procfs symbolic links, which could lead to excessive freeing of memory and consequent slab corruption. A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-0203, Moderate)

* A flaw was found in the way the Linux kernel handled exceptions when user-space applications attempted to use the linkage stack. On IBM S/390 systems, a local, unprivileged user could use this flaw to crash the system. (CVE-2014-2039, Moderate)

* An invalid pointer dereference flaw was found in the Marvell 8xxx Libertas WLAN (libertas) driver in the Linux kernel. A local user able to write to a file that is provided by the libertas driver and located on the debug file system (debugfs) could use this flaw to crash the system. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2013-6378, Low)

* A denial of service flaw was discovered in the way the Linux kernel's SELinux implementation handled files with an empty SELinux security context. A local user who has the CAP_MAC_ADMIN capability could use this flaw to crash the system. (CVE-2014-1874, Low)

Red Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738, and Vladimir Davydov of Parallels for reporting CVE-2014-0203. Google acknowledges Pinkie Pie as the original reporter of CVE-2014-3153.

This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

Multiple vulnerabilities has been found and corrected in the Linux kernel :

kernel/auditsc.c in the Linux kernel through 3.14.5, when CONFIG_AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number (CVE-2014-3917).

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification (CVE-2014-3153).

Race condition in the ath_tx_aggr_sleep function in drivers/net/wireless/ath/ath9k/xmit.c in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via a large amount of network traffic that triggers certain list deletions (CVE-2014-2672).

The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 do not check whether a certain length value is sufficiently large, which allows local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the
__skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced (CVE-2014-3144).

The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the __skb_get_nlattr_nest function before the vulnerability was announced (CVE-2014-3145).

Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel through 3.14.1 allows local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter (CVE-2014-2851).

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel through 3.14.3 does not properly manage tty driver access in the LECHO !OPOST case, which allows local users to cause a denial of service (memory corruption and system crash) or gain privileges by triggering a race condition involving read and write operations with long strings (CVE-2014-0196).

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly restrict access to certain pointers during processing of an FDRAWCMD ioctl call, which allows local users to obtain sensitive information from kernel heap memory by leveraging write access to a /dev/fd device (CVE-2014-1738).

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux kernel through 3.14.3 does not properly handle error conditions during processing of an FDRAWCMD ioctl call, which allows local users to trigger kfree operations and gain privileges by leveraging write access to a /dev/fd device (CVE-2014-1737).

The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel through 3.14 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports (CVE-2014-2678).

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions (CVE-2014-0077).

The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets (CVE-2014-2309).

Multiple array index errors in drivers/hid/hid-multitouch.c in the Human Interface Device (HID) subsystem in the Linux kernel through 3.11, when CONFIG_HID_MULTITOUCH is enabled, allow physically proximate attackers to cause a denial of service (heap memory corruption, or NULL pointer dereference and OOPS) via a crafted device (CVE-2013-2897).

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function (CVE-2014-2523).

Race condition in the mac80211 subsystem in the Linux kernel before 3.13.7 allows remote attackers to cause a denial of service (system crash) via network traffic that improperly interacts with the WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and tx.c (CVE-2014-2706).

The sctp_sf_do_5_1D_ce function in net/sctp/sm_statefuns.c in the Linux kernel through 3.13.6 does not validate certain auth_enable and auth_capable fields before making an sctp_sf_authenticate call, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an SCTP handshake with a modified INIT chunk and a crafted AUTH chunk before a COOKIE_ECHO chunk (CVE-2014-0101).

The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows local users to obtain sensitive information from kernel memory, cause a denial of service (memory corruption and system crash), or possibly gain privileges via a writev system call with a crafted pointer (CVE-2014-0069).

arch/s390/kernel/head64.S in the Linux kernel before 3.13.5 on the s390 platform does not properly handle attempted use of the linkage stack, which allows local users to cause a denial of service (system crash) by executing a crafted instruction (CVE-2014-2039).

Buffer overflow in virt/kvm/irq_comm.c in the KVM subsystem in the Linux kernel before 3.2.24 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via vectors related to Message Signaled Interrupts (MSI), irq routing entries, and an incorrect check by the setup_routing_entry function before invoking the kvm_set_irq function (CVE-2012-2137).

The security_context_to_sid_core function in security/selinux/ss/services.c in the Linux kernel before 3.13.4 allows local users to cause a denial of service (system crash) by leveraging the CAP_MAC_ADMIN capability to set a zero-length security context (CVE-2014-1874).

The updated packages provides a solution for these security issues.

Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2013-0343     George Kargiotakis reported an issue in the temporary     address handling of the IPv6 privacy extensions. Users     on the same LAN can cause a denial of service or obtain     access to sensitive information by sending router     advertisement messages that cause temporary address     generation to be disabled.

  - CVE-2013-2147     Dan Carpenter reported issues in the cpqarray driver for     Compaq Smart2 Controllers and the cciss driver for HP     Smart Array controllers allowing users to gain access to     sensitive kernel memory.

  - CVE-2013-2889     Kees Cook discovered missing input sanitization in the     HID driver for Zeroplus game pads that could lead to a     local denial of service.

  - CVE-2013-2893     Kees Cook discovered that missing input sanitization in     the HID driver for various Logitech force feedback     devices could lead to a local denial of service.

  - CVE-2013-2929     Vasily Kulikov discovered that a flaw in the     get_dumpable() function of the ptrace subsytsem could     lead to information disclosure. Only systems with the     fs.suid_dumpable sysctl set to a non-default value of     '2' are vulnerable.

  - CVE-2013-4162     Hannes Frederic Sowa discovered that incorrect handling     of IPv6 sockets using the UDP_CORK option could result     in denial of service.

  - CVE-2013-4299     Fujitsu reported an issue in the device-mapper     subsystem. Local users could gain access to sensitive     kernel memory.

  - CVE-2013-4345     Stephan Mueller found in bug in the ANSI pseudo random     number generator which could lead to the use of less     entropy than expected.

  - CVE-2013-4512     Nico Golde and Fabian Yamaguchi reported an issue in the     user mode linux port. A buffer overflow condition exists     in the write method for the /proc/exitcode file. Local     users with sufficient privileges allowing them to write     to this file could gain further elevated privileges.

  - CVE-2013-4587     Andrew Honig of Google reported an issue in the KVM     virtualization subsystem. A local user could gain     elevated privileges by passing a large vcpu_id     parameter.

  - CVE-2013-6367     Andrew Honig of Google reported an issue in the KVM     virtualization subsystem. A divide-by-zero condition     could allow a guest user to cause a denial of service on     the host (crash).

  - CVE-2013-6380     Mahesh Rajashekhara reported an issue in the aacraid     driver for storage products from various vendors. Local     users with CAP_SYS_ADMIN privileges could gain further     elevated privileges.

  - CVE-2013-6381     Nico Golde and Fabian Yamaguchi reported an issue in the     Gigabit Ethernet device support for s390 systems. Local     users could cause a denial of service or gain elevated     privileges via the SIOC_QETH_ADP_SET_SNMP_CONTROL ioctl.

  - CVE-2013-6382     Nico Golde and Fabian Yamaguchi reported an issue in the     XFS filesystem. Local users with CAP_SYS_ADMIN     privileges could gain further elevated privileges.

  - CVE-2013-6383     Dan Carpenter reported an issue in the aacraid driver     for storage devices from various vendors. A local user     could gain elevated privileges due to a missing     privilege level check in the aac_compat_ioctl function.

  - CVE-2013-7263 CVE-2013-7264 CVE-2013-7265     mpb reported an information leak in the recvfrom,     recvmmsg and recvmsg system calls. A local user could     obtain access to sensitive kernel memory.

  - CVE-2013-7339     Sasha Levin reported an issue in the RDS network     protocol over Infiniband. A local user could cause a     denial of service condition.

  - CVE-2014-0101     Nokia Siemens Networks reported an issue in the SCTP     network protocol subsystem. Remote users could cause a     denial of service (NULL pointer dereference).

  - CVE-2014-1444     Salva Peiro reported an issue in the FarSync WAN driver.
    Local users with the CAP_NET_ADMIN capability could gain     access to sensitive kernel memory.

  - CVE-2014-1445     Salva Peiro reported an issue in the wanXL serial card     driver. Local users could gain access to sensitive     kernel memory.

  - CVE-2014-1446     Salva Peiro reported an issue in the YAM radio modem     driver. Local users with the CAP_NET_ADMIN capability     could gain access to sensitive kernel memory.

  - CVE-2014-1874     Matthew Thode reported an issue in the SELinux     subsystem. A local user with CAP_MAC_ADMIN privileges     could cause a denial of service by setting an empty     security context on a file.

  - CVE-2014-2039     Martin Schwidefsky reported an issue on s390 systems. A     local user could cause a denial of service (kernel oops)     by executing an application with a linkage stack     instruction.

  - CVE-2014-2523     Daniel Borkmann provided a fix for an issue in the     nf_conntrack_dccp module. Remote users could cause a     denial of service (system crash) or potentially gain     elevated privileges.

The 3.13.5 rebase contains support for additional hardware, some new features and a number of important bug fixes across the tree.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The 3.13.5 stable update contains a number of important fixes across the tree.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
124991	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1538)	Nessus	Huawei Local Security Checks	high
76170	CentOS 6 : kernel (CESA-2014:0771)	Nessus	CentOS Local Security Checks	high
76157	Scientific Linux Security Update : kernel on SL6.x i386/x86_64 (20140619)	Nessus	Scientific Linux Local Security Checks	high
76156	RHEL 6 : kernel (RHSA-2014:0771)	Nessus	Red Hat Local Security Checks	high
76155	Oracle Linux 6 : kernel (ELSA-2014-0771)	Nessus	Oracle Linux Local Security Checks	high
74513	Mandriva Linux Security Advisory : kernel (MDVSA-2014:124)	Nessus	Mandriva Local Security Checks	critical
73713	Debian DSA-2906-1 : linux-2.6 - privilege escalation/denial of service/information leak	Nessus	Debian Local Security Checks	critical
72767	Fedora 19 : kernel-3.13.5-101.fc19 (2014-2887)	Nessus	Fedora Local Security Checks	medium
72754	Fedora 20 : kernel-3.13.5-200.fc20 (2014-3094)	Nessus	Fedora Local Security Checks	medium

CVE-2014-2039

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins