SUSE-SU-2015:1478

RHSA-2015:0290

RHSA-2015:0694

[oss-security] 20141009 CVE-2014-8086 - Linux kernel ext4 race condition

70376

[linux-ext4] 20141009 [PATCH] ext4: fix race between write and fcntl(F_SETFL)

[linux-ext4] 20141009 [PATCH] add aio/dio regression test race between write and fcntl

https://bugzilla.redhat.com/show_bug.cgi?id=1151353

linux-kernel-cve20148086-dos(96922)

[linux-kernel] 20141008 ext4: kernel BUG at fs/ext4/inode.c:2959!

[linux-kernel] 20141009 Re: ext4: kernel BUG at fs/ext4/inode.c:2959!

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - In the Linux kernel, Hisilicon Network Subsystem (HNS)     does not consider the ETH_SS_PRIV_FLAGS case when     retrieving sset_count data. This allows local users to     cause a denial of service (buffer overflow and memory     corruption) or possibly have unspecified other     impacts.(CVE-2017-18222i1/4%0

  - A flaw was found in the way the Linux kernel's     networking implementation handled UDP packets with     incorrect checksum values. A remote attacker could     potentially use this flaw to trigger an infinite loop     in the kernel, resulting in a denial of service on the     system, or cause a denial of service in applications     using the edge triggered epoll     functionality.(CVE-2015-5366i1/4%0

  - A use-after-free vulnerability was found in the     kernel's socket recvmmsg subsystem. This may allow     remote attackers to corrupt memory and may allow     execution of arbitrary code. This corruption takes     place during the error handling routines within
    __sys_recvmmsg() function.(CVE-2016-7117i1/4%0

  - arch/x86/kvm/vmx.c in the Linux kernel through 4.6.3     mishandles the APICv on/off state, which allows guest     OS users to obtain direct APIC MSR access on the host     OS, and consequently cause a denial of service (host OS     crash) or possibly execute arbitrary code on the host     OS, via x2APIC mode.(CVE-2016-4440i1/4%0

  - In the Linux kernel before 4.17, a local attacker able     to set attributes on an xfs filesystem could make this     filesystem non-operational until the next mount by     triggering an unchecked error condition during an xfs     attribute change, because xfs_attr_shortform_addname in     fs/xfs/libxfs/xfs_attr.c mishandles ATTR_REPLACE     operations with conversion of an attr from short to     long form.(CVE-2018-18690i1/4%0

  - A flaw was found in the Linux kernel's ext4 filesystem.
    A local user can cause an out-of-bounds write and a     denial of service or unspecified other impact is     possible by mounting and operating a crafted ext4     filesystem image.(CVE-2018-10878i1/4%0

  - Xen 3.3.x through 4.5.x and the Linux kernel through     3.19.1 do not properly restrict access to PCI command     registers, which might allow local guest OS users to     cause a denial of service (non-maskable interrupt and     host crash) by disabling the (1) memory or (2) I/O     decoding for a PCI Express device and then accessing     the device, which triggers an Unsupported Request (UR)     response.(CVE-2015-2150i1/4%0

  - The assoc_array_insert_into_terminal_node() function in     'lib/assoc_array.c' in the Linux kernel before 4.5.3     does not check whether a slot is a leaf, which allows     local users to obtain sensitive information from kernel     memory or cause a denial of service (invalid pointer     dereference and out-of-bounds read) via an application     that uses associative-array data     structures.(CVE-2016-7914i1/4%0

  - It was found that the x86 ISA (Instruction Set     Architecture) is prone to a denial of service attack     inside a virtualized environment in the form of an     infinite loop in the microcode due to the way     (sequential) delivering of benign exceptions such as     #AC (alignment check exception) is handled. A     privileged user inside a guest could use this flaw to     create denial of service conditions on the host     kernel.(CVE-2015-5307i1/4%0

  - An issue was discovered in fs/f2fs/super.c in the Linux     kernel, which does not properly validate secs_per_zone     in a corrupted f2fs image. This may lead to a     divide-by-zero error and a system     crash.(CVE-2018-13100i1/4%0

  - The mISDN_sock_recvmsg function in     drivers/isdn/mISDN/socket.c in the Linux kernel before     3.12.4 does not ensure that a certain length value is     consistent with the size of an associated data     structure, which allows local users to obtain sensitive     information from kernel memory via a (1) recvfrom, (2)     recvmmsg, or (3) recvmsg system call.(CVE-2013-7266i1/4%0

  - A NULL pointer dereference flaw was found in the     rds_iw_laddr_check() function in the Linux kernel's     implementation of Reliable Datagram Sockets (RDS). A     local, unprivileged user could use this flaw to crash     the system.(CVE-2014-2678i1/4%0

  - A flaw was found in the Linux kernel's handling of     packets with the URG flag. Applications using the     splice() and tcp_splice_read() functionality could     allow a remote attacker to force the kernel to enter a     condition in which it could loop     indefinitely.(CVE-2017-6214i1/4%0

  - The kernel_wait4 function in kernel/exit.c in the Linux     kernel before 4.13, when an unspecified architecture     and compiler is used, might allow local users to cause     a denial of service by triggering an attempted use of     the -INT_MIN value.(CVE-2018-10087i1/4%0

  - Heap-based buffer overflow in the private wireless     extensions IOCTL implementation in wlan_hdd_wext.c in     the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x     and 4.x, as used in Qualcomm Innovation Center (QuIC)     Android contributions for MSM devices and other     products, allows attackers to gain privileges via a     crafted application that establishes a packet     filter.(CVE-2015-0569i1/4%0

  - A race condition flaw was found in the Linux kernel's     ext4 file system implementation that allowed a local,     unprivileged user to crash the system by simultaneously     writing to a file and toggling the O_DIRECT flag using     fcntl(F_SETFL) on that file.(CVE-2014-8086i1/4%0

  - The mm_init function in kernel/fork.c in the Linux     kernel before 4.12.10 does not clear the -i1/4zexe_file     member of a new process's mm_struct, allowing a local     attacker to achieve a use-after-free condition and to     induce a kernel memory corruption on the system,     leading to a crash or possibly have unspecified other     impact by running a specially crafted program. Due to     the nature of the flaw, privilege escalation cannot be     fully ruled out, although we feel it is     unlikely.(CVE-2017-17052i1/4%0

  - A buffer overflow flaw was found in the way the Linux     kernel's Intel AES-NI instructions optimized version of     the RFC4106 GCM mode decryption functionality handled     fragmented packets. A remote attacker could use this     flaw to crash, or potentially escalate their privileges     on, a system over a connection with an active AES-GCM     mode IPSec security association.(CVE-2015-3331i1/4%0

  - A flaw was found in the processing of incoming L2CAP     bluetooth commands. Uninitialized stack variables can     be sent to an attacker leaking data in kernel address     space.(CVE-2017-1000410i1/4%0

  - It was found that a remote attacker could use a race     condition flaw in the ath_tx_aggr_sleep() function to     crash the system by creating large network traffic on     the system's Atheros 9k wireless network     adapter.(CVE-2014-2672i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A flaw was found in the way the Linux kernel's SCTP     implementation validated INIT chunks when performing     Address Configuration Change (ASCONF). A remote     attacker could use this flaw to crash the system by     sending a specially crafted SCTP packet to trigger a     NULL pointer dereference on the system.(CVE-2014-7841)

  - It was found that reporting emulation failures to user     space could lead to either a local (CVE-2014-7842) or a     L2-i1/4zL1 (CVE-2010-5313) denial of service. In the case     of a local denial of service, an attacker must have     access to the MMIO area or be able to access an I/O     port. Please note that on certain systems, HPET is     mapped to userspace as part of vdso (vvar) and thus an     unprivileged user may generate MMIO transactions (and     enter the emulator) this way.(CVE-2014-7842)

  - The pivot_root implementation in fs/namespace.c in the     Linux kernel through 3.17 does not properly interact     with certain locations of a chroot directory, which     allows local users to cause a denial of service     (mount-tree loop) via . (dot) values in both arguments     to the pivot_root system call.(CVE-2014-7970)

  - The do_umount function in fs/namespace.c in the Linux     kernel through 3.17 does not require the CAP_SYS_ADMIN     capability for do_remount_sb calls that change the root     filesystem to read-only, which allows local users to     cause a denial of service (loss of writability) by     making certain unshare system calls, clearing the /     MNT_LOCKED flag, and making an MNT_FORCE umount system     call.(CVE-2014-7975)

  - A race condition flaw was found in the Linux kernel's     ext4 file system implementation that allowed a local,     unprivileged user to crash the system by simultaneously     writing to a file and toggling the O_DIRECT flag using     fcntl(F_SETFL) on that file.(CVE-2014-8086)

  - A flaw was found in the way the Linux kernel's     netfilter subsystem handled generic protocol tracking.
    As demonstrated in the Stream Control Transmission     Protocol (SCTP) case, a remote attacker could use this     flaw to bypass intended iptables rule restrictions when     the associated connection tracking module was not     loaded on the system.(CVE-2014-8160)

  - It was found that due to excessive files_lock locking,     a soft lockup could be triggered in the Linux kernel     when performing asynchronous I/O operations. A local,     unprivileged user could use this flaw to crash the     system.(CVE-2014-8172)

  - A NULL pointer dereference flaw was found in the way     the Linux kernel's madvise MADV_WILLNEED functionality     handled page table locking. A local, unprivileged user     could use this flaw to crash the system.(CVE-2014-8173)

  - It was found that the fix for CVE-2014-3601 was     incomplete: the Linux kernel's kvm_iommu_map_pages()     function still handled IOMMU mapping failures     incorrectly. A privileged user in a guest with an     assigned host device could use this flaw to crash the     host.(CVE-2014-8369)

  - The instruction decoder in arch/x86/kvm/emulate.c in     the KVM subsystem in the Linux kernel before 3.18-rc2     lacks intended decoder-table flags for certain     RIP-relative instructions, which allows guest OS users     to cause a denial of service (NULL pointer dereference     and host OS crash) via a crafted     application.(CVE-2014-8480)

  - The instruction decoder in arch/x86/kvm/emulate.c in     the KVM subsystem in the Linux kernel before 3.18-rc2     does not properly handle invalid instructions, which     allows guest OS users to cause a denial of service     (NULL pointer dereference and host OS crash) via a     crafted application that triggers (1) an improperly     fetched instruction or (2) an instruction that occupies     too many bytes. NOTE: this vulnerability exists because     of an incomplete fix for CVE-2014-8480.(CVE-2014-8481)

  - A flaw was found in the way the Linux kernel's VFS     subsystem handled file system locks. A local,     unprivileged user could use this flaw to trigger a     deadlock in the kernel, causing a denial of service on     the system.(CVE-2014-8559)

  - An information leak flaw was found in the Linux     kernel's IEEE 802.11 wireless networking     implementation. When software encryption was used, a     remote attacker could use this flaw to leak up to 8     bytes of plaintext.(CVE-2014-8709)

  - A stack-based buffer overflow flaw was found in the     TechnoTrend/Hauppauge DEC USB device driver. A local     user with write access to the corresponding device     could use this flaw to crash the kernel or,     potentially, elevate their privileges on the     system.(CVE-2014-8884)

  - The do_double_fault function in arch/x86/kernel/traps.c     in the Linux kernel through 3.17.4 does not properly     handle faults associated with the Stack Segment (SS)     segment register, which allows local users to cause a     denial of service (panic) via a modify_ldt system call,     as demonstrated by sigreturn_32 in the     linux-clock-tests test suite.(CVE-2014-9090)

  - A flaw was found in the way the Linux kernel handled GS     segment register base switching when recovering from a     #SS (stack segment) fault on an erroneous return to     user space. A local, unprivileged user could use this     flaw to escalate their privileges on the     system.(CVE-2014-9322)

  - An information leak flaw was found in the way the Linux     kernel changed certain segment registers and     thread-local storage (TLS) during a context switch. A     local, unprivileged user could use this flaw to leak     the user space TLS base address of an arbitrary     process.(CVE-2014-9419)

  - It was found that the Linux kernel's ISO file system     implementation did not correctly limit the traversal of     Rock Ridge extension Continuation Entries (CE). An     attacker with physical access to the system could use     this flaw to trigger an infinite loop in the kernel,     resulting in a denial of service.(CVE-2014-9420)

  - A race condition flaw was found in the way the Linux     kernel keys management subsystem performed key garbage     collection. A local attacker could attempt accessing a     key while it was being garbage collected, which would     cause the system to crash.(CVE-2014-9529)

  - An information leak flaw was found in the way the Linux     kernel's ISO9660 file system implementation accessed     data on an ISO9660 image with RockRidge Extension     Reference (ER) records. An attacker with physical     access to the system could use this flaw to disclose up     to 255 bytes of kernel memory.(CVE-2014-9584)

  - An information leak flaw was found in the way the Linux     kernel's Virtual Dynamic Shared Object (vDSO)     implementation performed address randomization. A     local, unprivileged user could use this flaw to leak     kernel memory addresses to user-space.(CVE-2014-9585)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise Server 11 SP2 LTSS kernel was updated to receive various security and bugfixes.

The following security bugs were fixed :

  - CVE-2015-5707: An integer overflow in the SCSI generic     driver could be potentially used by local attackers to     crash the kernel or execute code.

  - CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux     kernel did not prevent the TS_COMPAT flag from reaching     a user-mode task, which might have allowed local users     to bypass the seccomp or audit protection mechanism via     a crafted application that uses the (1) fork or (2)     close system call, as demonstrated by an attack against     seccomp before 3.16 (bnc#926240).

  - CVE-2015-0777: drivers/xen/usbback/usbback.c in the     Linux kernel allowed guest OS users to obtain sensitive     information from uninitialized locations in host OS     kernel memory via unspecified vectors (bnc#917830).

  - CVE-2015-2150: Xen and the Linux kernel did not properly     restrict access to PCI command registers, which might     have allowed local guest users to cause a denial of     service (non-maskable interrupt and host crash) by     disabling the (1) memory or (2) I/O decoding for a PCI     Express device and then accessing the device, which     triggers an Unsupported Request (UR) response     (bnc#919463).

  - CVE-2015-5364: A remote denial of service (hang) via UDP     flood with incorrect package checksums was fixed.
    (bsc#936831).

  - CVE-2015-5366: A remote denial of service (unexpected     error returns) via UDP flood with incorrect package     checksums was fixed. (bsc#936831).

  - CVE-2015-1420: CVE-2015-1420: Race condition in the     handle_to_path function in fs/fhandle.c in the Linux     kernel allowed local users to bypass intended size     restrictions and trigger read operations on additional     memory locations by changing the handle_bytes value of a     file handle during the execution of this function     (bnc#915517).

  - CVE-2015-4700: A local user could have created a bad     instruction in the JIT processed BPF code, leading to a     kernel crash (bnc#935705).

  - CVE-2015-1805: The (1) pipe_read and (2) pipe_write     implementations in fs/pipe.c in the Linux kernel did not     properly consider the side effects of failed
    __copy_to_user_inatomic and __copy_from_user_inatomic     calls, which allowed local users to cause a denial of     service (system crash) or possibly gain privileges via a     crafted application, aka an 'I/O vector array overrun'     (bnc#933429).

  - CVE-2015-3331: The __driver_rfc4106_decrypt function in     arch/x86/crypto/aesni-intel_glue.c in the Linux kernel     did not properly determine the memory locations used for     encrypted data, which allowed context-dependent     attackers to cause a denial of service (buffer overflow     and system crash) or possibly execute arbitrary code by     triggering a crypto API call, as demonstrated by use of     a libkcapi test program with an AF_ALG(aead) socket     (bnc#927257).

  - CVE-2015-2922: The ndisc_router_discovery function in     net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol     implementation in the IPv6 stack in the Linux kernel     allowed remote attackers to reconfigure a hop-limit     setting via a small hop_limit value in a Router     Advertisement (RA) message (bnc#922583).

  - CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux     kernel used an incorrect data type in a sysctl table,     which allowed local users to obtain potentially     sensitive information from kernel memory or possibly     have unspecified other impact by accessing a sysctl     entry (bnc#919007).

  - CVE-2015-3636: The ping_unhash function in     net/ipv4/ping.c in the Linux kernel did not initialize a     certain list data structure during an unhash operation,     which allowed local users to gain privileges or cause a     denial of service (use-after-free and system crash) by     leveraging the ability to make a SOCK_DGRAM socket     system call for the IPPROTO_ICMP or IPPROTO_ICMPV6     protocol, and then making a connect system call after a     disconnect (bnc#929525).

  - CVE-2014-8086: Race condition in the     ext4_file_write_iter function in fs/ext4/file.c in the     Linux kernel allowed local users to cause a denial of     service (file unavailability) via a combination of a     write action and an F_SETFL fcntl operation for the     O_DIRECT flag (bnc#900881).

  - CVE-2014-8159: The InfiniBand (IB) implementation in the     Linux kernel did not properly restrict use of User Verbs     for registration of memory regions, which allowed local     users to access arbitrary physical memory locations, and     consequently cause a denial of service (system crash) or     gain privileges, by leveraging permissions on a uverbs     device under /dev/infiniband/ (bnc#914742).

  - CVE-2014-9683: Off-by-one error in the     ecryptfs_decode_from_filename function in     fs/ecryptfs/crypto.c in the eCryptfs subsystem in the     Linux kernel allowed local users to cause a denial of     service (buffer overflow and system crash) or possibly     gain privileges via a crafted filename (bnc#918333).

  - CVE-2015-2042: net/rds/sysctl.c in the Linux kernel used     an incorrect data type in a sysctl table, which allowed     local users to obtain potentially sensitive information     from kernel memory or possibly have unspecified other     impact by accessing a sysctl entry (bnc#919018).

  - CVE-2015-1421: Use-after-free vulnerability in the     sctp_assoc_update function in net/sctp/associola.c in     the Linux kernel allowed remote attackers to cause a     denial of service (slab corruption and panic) or     possibly have unspecified other impact by triggering an     INIT collision that leads to improper handling of     shared-key data (bnc#915577).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix various bugs and security issues.

The following vulnerabilities have been fixed :

CVE-2015-3636: A missing sk_nulls_node_init() in ping_unhash() inside the ipv4 stack can cause crashes if a disconnect is followed by another connect() attempt. (bnc#929525)

CVE-2015-3339: Race condition in the prepare_binprm function in fs/exec.c in the Linux kernel before 3.19.6 allows local users to gain privileges by executing a setuid program at a time instant when a chown to root is in progress, and the ownership is changed but the setuid bit is not yet stripped. (bnc#928130)

CVE-2015-3331: The __driver_rfc4106_decrypt function in arch/x86/crypto/aesni-intel_glue.c in the Linux kernel before 3.19.3 does not properly determine the memory locations used for encrypted data, which allows context-dependent attackers to cause a denial of service (buffer overflow and system crash) or possibly execute arbitrary code by triggering a crypto API call, as demonstrated by use of a libkcapi test program with an AF_ALG(aead) socket. (bnc#927257)

CVE-2015-2922: The ndisc_router_discovery function in net/ipv6/ndisc.c in the Neighbor Discovery (ND) protocol implementation in the IPv6 stack in the Linux kernel before 3.19.6 allows remote attackers to reconfigure a hop-limit setting via a small hop_limit value in a Router Advertisement (RA) message. (bnc#922583)

CVE-2015-2830: arch/x86/kernel/entry_64.S in the Linux kernel before 3.19.2 does not prevent the TS_COMPAT flag from reaching a user-mode task, which might allow local users to bypass the seccomp or audit protection mechanism via a crafted application that uses the (1) fork or (2) close system call, as demonstrated by an attack against seccomp before 3.16. (bnc#926240)

CVE-2015-2150: XSA-120: Xen 3.3.x through 4.5.x and the Linux kernel through 3.19.1 do not properly restrict access to PCI command registers, which might allow local guest users to cause a denial of service (non-maskable interrupt and host crash) by disabling the (1) memory or (2) I/O decoding for a PCI Express device and then accessing the device, which triggers an Unsupported Request (UR) response.
(bnc#919463)

CVE-2015-2042: net/rds/sysctl.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
(bnc#919018)

CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux kernel before 3.19 uses an incorrect data type in a sysctl table, which allows local users to obtain potentially sensitive information from kernel memory or possibly have unspecified other impact by accessing a sysctl entry.
(bnc#919007)

CVE-2015-1421: Use-after-free vulnerability in the sctp_assoc_update function in net/sctp/associola.c in the Linux kernel before 3.18.8 allows remote attackers to cause a denial of service (slab corruption and panic) or possibly have unspecified other impact by triggering an INIT collision that leads to improper handling of shared-key data.
(bnc#915577)

CVE-2015-0777: drivers/xen/usbback/usbback.c in 1 -2.6.18-xen-3.4.0 (aka the Xen 3.4.x support patches for the Linux kernel 2.6.18), as used in the Linux kernel 2.6.x and 3.x in SUSE Linux distributions, allows guest OS users to obtain sensitive information from uninitialized locations in host OS kernel memory via unspecified vectors. (bnc#917830)

CVE-2014-9683: Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buffer overflow and system crash) or possibly gain privileges via a crafted filename. (bnc#918333)

CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. (bnc#912202)

CVE-2014-9419: The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, which makes it easier for local users to bypass the ASLR protection mechanism via a crafted application that reads a TLS base address. (bnc#911326)

CVE-2014-8159: The InfiniBand (IB) implementation in the Linux kernel does not properly restrict use of User Verbs for registration of memory regions, which allows local users to access arbitrary physical memory locations, and consequently cause a denial of service (system crash) or gain privileges, by leveraging permissions on a uverbs device under /dev/infiniband/. (bnc#914742)

CVE-2014-8086: Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17 allows local users to cause a denial of service (file unavailability) via a combination of a write action and an F_SETFL fcntl operation for the O_DIRECT flag.
(bnc#900881)

Also 

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The SUSE Linux Enterprise 12 kernel was updated to version 3.12.43 to receive various security and bugfixes.

Following security bugs were fixed :

  - CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM     subsystem in the Linux kernel through 3.17.2 did not     properly perform RIP changes, which allowed guest OS     users to cause a denial of service (guest OS crash) via     a crafted application (bsc#899192).

  - CVE-2014-8086: Race condition in the     ext4_file_write_iter function in fs/ext4/file.c in the     Linux kernel through 3.17 allowed local users to cause a     denial of service (file unavailability) via a     combination of a write action and an F_SETFL fcntl     operation for the O_DIRECT flag (bsc#900881).

  - CVE-2014-8159: The InfiniBand (IB) implementation did     not properly restrict use of User Verbs for registration     of memory regions, which allowed local users to access     arbitrary physical memory locations, and consequently     cause a denial of service (system crash) or gain     privileges, by leveraging permissions on a uverbs device     under /dev/infiniband/ (bsc#914742).

  - CVE-2015-1465: The IPv4 implementation in the Linux     kernel before 3.18.8 did not properly consider the     length of the Read-Copy Update (RCU) grace period for     redirecting lookups in the absence of caching, which     allowed remote attackers to cause a denial of service     (memory consumption or system crash) via a flood of     packets (bsc#916225).

  - CVE-2015-2041: net/llc/sysctl_net_llc.c in the Linux     kernel before 3.19 used an incorrect data type in a     sysctl table, which allowed local users to obtain     potentially sensitive information from kernel memory or     possibly have unspecified other impact by accessing a     sysctl entry (bsc#919007).

  - CVE-2015-2042: net/rds/sysctl.c in the Linux kernel     before 3.19 used an incorrect data type in a sysctl     table, which allowed local users to obtain potentially     sensitive information from kernel memory or possibly     have unspecified other impact by accessing a sysctl     entry (bsc#919018).

  - CVE-2015-2666: Fixed a flaw that allowed crafted     microcode to overflow the kernel stack (bsc#922944).

  - CVE-2015-2830: Fixed int80 fork from 64-bit tasks     mishandling (bsc#926240).

  - CVE-2015-2922: Fixed possible denial of service (DoS)     attack against IPv6 network stacks due to improper     handling of Router Advertisements (bsc#922583).

  - CVE-2015-3331: Fixed buffer overruns in RFC4106     implementation using AESNI (bsc#927257).

  - CVE-2015-3332: Fixed TCP Fast Open local DoS     (bsc#928135).

  - CVE-2015-3339: Fixed race condition flaw between the     chown() and execve() system calls which could have lead     to local privilege escalation (bsc#928130).

  - CVE-2015-3636: Fixed use-after-free in ping sockets     which could have lead to local privilege escalation     (bsc#929525).

The update package also includes non-security fixes. See advisory for details.

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

* A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. (CVE-2015-0274, Important)

* It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause denial of service on the system.
(CVE-2014-3690, Moderate)

* A flaw was found in the way Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. (CVE-2014-3940, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-7825, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.
(CVE-2014-7826, Moderate)

* A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)

* A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system.
(CVE-2014-8160, Moderate)

* It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8172, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8173, Moderate)

* An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext. (CVE-2014-8709, Low)

* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system.
(CVE-2014-8884, Low)

* Users of kernel modules may need to upgrade the module to maintain compatibility.

The system must be rebooted for this update to take effect.

Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. (CVE-2015-0274, Important)

* A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system. (CVE-2014-7822, Moderate)

* A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)

* It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8172, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8173, Moderate)

Red Hat would like to thank Eric Windisch of the Docker project for reporting CVE-2015-0274, and Akira Fujita of NEC for reporting CVE-2014-7822.

Bug fixes :

* A patch removing the xt_connlimit revision zero ABI was not reverted in the kernel-rt package, which caused problems because the iptables package requires this revision. A patch to remove the xt_connlimit revision 0 was reverted from the kernel-rt sources to allow the iptables command to execute correctly. (BZ#1169755)

* With an older Mellanox Connect-IB (mlx4) driver present in the MRG Realtime kernel, a race condition could occur that would cause a loss of connection. The mlx4 driver was updated, resolving the race condition and allowing proper connectivity. (BZ#1182246)

* The MRG Realtime kernel did not contain the appropriate code to resume after a device failed, causing the volume status after a repair to not be properly updated. A 'refresh needed' was still listed in the 'lvs' output after executing the 'lvchange --refresh' command. A patch was added that adds the ability to correctly restore a transiently failed device upon resume. (BZ#1159803)

* The sosreport executable would hang when reading /proc/net/rpc/use-gss-proxy because of faulty wait_queue logic in the proc handler. This wait_queue logic was removed from the proc handler, allowing the reads to correctly return the current state. (BZ#1169900)

Enhancements :

* The MRG Realtime kernel-rt sources have been modified to take advantage of the updated 3.10 kernel sources that are available with the Red Hat Enterprise Linux 7 releases. (BZ#1172844)

* The MRG Realtime version of the e1000e driver has been updated to provide support for the Intel I218-LM network adapter. (BZ#1191767)

* The MRG Realtime kernel was updated to provide support for the Mellanox Connect-IB (mlx5). (BZ#1171363)

* The rt-firmware package has been updated to provide additional firmware files required by the new version of the Red Hat Enterprise MRG 2.5 kernel (BZ#1184251)

All kernel-rt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the first regular update.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. (CVE-2015-0274, Important)

* It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause denial of service on the system.
(CVE-2014-3690, Moderate)

* A flaw was found in the way Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. (CVE-2014-3940, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-7825, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.
(CVE-2014-7826, Moderate)

* A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)

* A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system.
(CVE-2014-8160, Moderate)

* It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8172, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8173, Moderate)

* An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext. (CVE-2014-8709, Low)

* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system.
(CVE-2014-8884, Low)

Red Hat would like to thank Eric Windisch of the Docker project for reporting CVE-2015-0274, Andy Lutomirski for reporting CVE-2014-3690, and Robert Święcki for reporting CVE-2014-7825 and CVE-2014-7826.

This update also fixes several hundred bugs and adds numerous enhancements. Refer to the Red Hat Enterprise Linux 7.1 Release Notes for information on the most significant of these changes, and the following Knowledgebase article for further information:
https://access.redhat.com/articles/1352803

All Red Hat Enterprise Linux 7 users are advised to install these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-0290 advisory.

  - arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 3.17.2 on Intel processors does not     ensure that the value in the CR4 control register remains the same after a VM entry, which allows host OS     users to kill arbitrary processes or cause a denial of service (system disruption) by leveraging /dev/kvm     access, as demonstrated by PR_SET_TSC prctl calls within a modified copy of QEMU. (CVE-2014-3690)

  - The Linux kernel through 3.14.5 does not properly consider the presence of hugetlb entries, which allows     local users to cause a denial of service (memory corruption or system crash) by accessing certain memory     locations, as demonstrated by triggering a race condition via numa_maps read operations during hugepage     migration, related to fs/proc/task_mmu.c and mm/mempolicy.c. (CVE-2014-3940)

  - kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall     numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-     bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application. (CVE-2014-7825)

  - kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall     numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial     of service (invalid pointer dereference) via a crafted application. (CVE-2014-7826)

  - Race condition in the ext4_file_write_iter function in fs/ext4/file.c in the Linux kernel through 3.17     allows local users to cause a denial of service (file unavailability) via a combination of a write action     and an F_SETFL fcntl operation for the O_DIRECT flag. (CVE-2014-8086)

  - net/netfilter/nf_conntrack_proto_generic.c in the Linux kernel before 3.18 generates incorrect conntrack     entries during handling of certain iptables rule sets for the SCTP, DCCP, GRE, and UDP-Lite protocols,     which allows remote attackers to bypass intended access restrictions via packets with disallowed port     numbers. (CVE-2014-8160)

  - The filesystem implementation in the Linux kernel before 3.13 performs certain operations on lists of     files with an inappropriate locking approach, which allows local users to cause a denial of service (soft     lockup or system crash) via unspecified use of Asynchronous I/O (AIO) operations. (CVE-2014-8172)

  - The pmd_none_or_trans_huge_or_clear_bad function in include/asm-generic/pgtable.h in the Linux kernel     before 3.13 on NUMA systems does not properly determine whether a Page Middle Directory (PMD) entry is a     transparent huge-table entry, which allows local users to cause a denial of service (NULL pointer     dereference and system crash) or possibly have unspecified other impact via a crafted MADV_WILLNEED     madvise system call that leverages the absence of a page-table lock. (CVE-2014-8173)

  - The ieee80211_fragment function in net/mac80211/tx.c in the Linux kernel before 3.13.5 does not properly     maintain a certain tail pointer, which allows remote attackers to obtain sensitive cleartext information     by reading packets. (CVE-2014-8709)

  - Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in     drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a     denial of service (system crash) or possibly gain privileges via a large message length in an ioctl call.
    (CVE-2014-8884)

  - The XFS implementation in the Linux kernel before 3.15 improperly uses an old size value during remote     attribute replacement, which allows local users to cause a denial of service (transaction overrun and data     corruption) or possibly gain privileges by leveraging XFS filesystem access. (CVE-2015-0274)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the first regular update.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. (CVE-2015-0274, Important)

* It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause denial of service on the system.
(CVE-2014-3690, Moderate)

* A flaw was found in the way Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. (CVE-2014-3940, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-7825, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.
(CVE-2014-7826, Moderate)

* A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)

* A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system.
(CVE-2014-8160, Moderate)

* It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8172, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8173, Moderate)

* An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext. (CVE-2014-8709, Low)

* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system.
(CVE-2014-8884, Low)

Red Hat would like to thank Eric Windisch of the Docker project for reporting CVE-2015-0274, Andy Lutomirski for reporting CVE-2014-3690, and Robert Swiecki for reporting CVE-2014-7825 and CVE-2014-7826.

This update also fixes several hundred bugs and adds numerous enhancements. Refer to the Red Hat Enterprise Linux 7.1 Release Notes for information on the most significant of these changes, and the following Knowledgebase article for further information:
https://access.redhat.com/articles/1352803

All Red Hat Enterprise Linux 7 users are advised to install these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

USN-2448-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem.

We apologize for the inconvenience.

An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)

Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS).
(CVE-2014-7826)

A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash).
(CVE-2014-3673)

A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic).
(CVE-2014-3687)

It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service.
(CVE-2014-3688)

Rabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application. (CVE-2014-7825)

Andy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot directory. A local user could exploit this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)

Dmitry Monakhov discovered a race condition in the ext4_file_write_iter function of the Linux kernel's ext4 filesystem. A local user could exploit this flaw to cause a denial of service (file unavailability). (CVE-2014-8086)

The KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369)

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

USN-2447-1 fixed vulnerabilities in the Linux kernel. Due to an unrelated regression TCP Throughput drops to zero for several drivers after upgrading. This update fixes the problem.

We apologize for the inconvenience.

An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)

Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS).
(CVE-2014-7826)

A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash).
(CVE-2014-3673)

A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic).
(CVE-2014-3687)

It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service.
(CVE-2014-3688)

Rabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application. (CVE-2014-7825)

Andy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot directory. A local user could exploit this flaw to cause a denial of service (mount-tree loop). (CVE-2014-7970)

Dmitry Monakhov discovered a race condition in the ext4_file_write_iter function of the Linux kernel's ext4 filesystem. A local user could exploit this flaw to cause a denial of service (file unavailability). (CVE-2014-8086)

The KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369)

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

An information leak in the Linux kernel was discovered that could leak the high 16 bits of the kernel stack address on 32-bit Kernel Virtual Machine (KVM) paravirt guests. A user in the guest OS could exploit this leak to obtain information that could potentially be used to aid in attacking the kernel. (CVE-2014-8134)

Rabin Vincent, Robert Swiecki, Russell King discovered that the ftrace subsystem of the Linux kernel does not properly handle private syscall numbers. A local user could exploit this flaw to cause a denial of service (OOPS). (CVE-2014-7826)

A flaw in the handling of malformed ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (system crash). (CVE-2014-3673)

A flaw in the handling of duplicate ASCONF chunks by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel was discovered. A remote attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-3687)

It was discovered that excessive queuing by SCTP (Stream Control Transmission Protocol) implementation in the Linux kernel can cause memory pressure. A remote attacker could exploit this flaw to cause a denial of service. (CVE-2014-3688)

Rabin Vincent, Robert Swiecki, Russell Kinglaw discovered a flaw in how the perf subsystem of the Linux kernel handles private systecall numbers. A local user could exploit this to cause a denial of service (OOPS) or bypass ASLR protections via a crafted application.
(CVE-2014-7825)

Andy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot directory. A local user could exploit this flaw to cause a denial of service (mount-tree loop).
(CVE-2014-7970)

Dmitry Monakhov discovered a race condition in the ext4_file_write_iter function of the Linux kernel's ext4 filesystem. A local user could exploit this flaw to cause a denial of service (file unavailability). (CVE-2014-8086)

The KVM (kernel virtual machine) subsystem of the Linux kernel miscalculates the number of memory pages during the handling of a mapping failure. A guest OS user could exploit this to cause a denial of service (host OS page unpinning) or possibly have unspecified other impact by leveraging guest OS privileges. (CVE-2014-8369)

Andy Lutomirski discovered that the Linux kernel does not properly handle faults associated with the Stack Segment (SS) register on the x86 architecture. A local attacker could exploit this flaw to cause a denial of service (panic). (CVE-2014-9090).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

CVE fixes in KVM, ext4, and SCTP.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Even more btrfs corruption/error fixes. Small b43 wireless regression fix.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
124808	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1484)	Nessus	Huawei Local Security Checks	critical
124807	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1483)	Nessus	Huawei Local Security Checks	high
85764	SUSE SLES11 Security Update : kernel (SUSE-SU-2015:1478-1)	Nessus	SuSE Local Security Checks	medium
84545	SUSE SLED11 / SLES11 Security Update : kernel (SUSE-SU-2015:1174-1)	Nessus	SuSE Local Security Checks	medium
84227	SUSE SLED12 / SLES12 Security Update : kernel (SUSE-SU-2015:1071-1)	Nessus	SuSE Local Security Checks	medium
82254	Scientific Linux Security Update : kernel on SL7.x x86_64 (20150305)	Nessus	Scientific Linux Local Security Checks	high
81905	RHEL 6 : MRG (RHSA-2015:0694)	Nessus	Red Hat Local Security Checks	medium
81885	CentOS 7 : kernel (CESA-2015:0290)	Nessus	CentOS Local Security Checks	high
81800	Oracle Linux 7 : kernel (ELSA-2015-0290)	Nessus	Oracle Linux Local Security Checks	high
81626	RHEL 7 : kernel (RHSA-2015:0290)	Nessus	Red Hat Local Security Checks	high
80168	Ubuntu 14.10 : linux regression (USN-2448-2)	Nessus	Ubuntu Local Security Checks	high
80167	Ubuntu 14.04 LTS : linux-lts-utopic regression (USN-2447-2)	Nessus	Ubuntu Local Security Checks	high
80034	Ubuntu 14.10 : linux vulnerabilities (USN-2448-1)	Nessus	Ubuntu Local Security Checks	high
80033	Ubuntu 14.04 LTS : linux-lts-utopic vulnerabilities (USN-2447-1)	Nessus	Ubuntu Local Security Checks	high
78715	Fedora 20 : kernel-3.16.6-202.fc20 (2014-13558)	Nessus	Fedora Local Security Checks	high
78610	Fedora 21 : kernel-3.17.1-302.fc21 (2014-13222)	Nessus	Fedora Local Security Checks	medium

CVE-2014-8086

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

critical

high

medium

medium

medium

high

medium

high

high

high

high

high

high

high

high

medium