http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=eee5cc2702929fd41cce28058dc6d6717f723f87

RHSA-2015:0290

RHSA-2015:0694

[oss-security] 20150309 CVE-2014-8172

https://bugzilla.redhat.com/show_bug.cgi?id=1198503

https://github.com/torvalds/linux/commit/eee5cc2702929fd41cce28058dc6d6717f723f87

According to the versions of the kernel packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  - The ims_pcu_get_cdc_union_desc function in     drivers/input/misc/ims-pcu.c in the Linux kernel,     through 4.13.11, allows local users to cause a denial     of service (ims_pcu_parse_cdc_data out-of-bounds read     and system crash) or possibly have unspecified other     impact via a crafted USB device.(CVE-2017-16645i1/4%0

  - It was found that due to excessive files_lock locking,     a soft lockup could be triggered in the Linux kernel     when performing asynchronous I/O operations. A local,     unprivileged user could use this flaw to crash the     system.(CVE-2014-8172i1/4%0

  - A flaw was discovered in the kernel's collect_mounts     function. If the kernel's audit subsystem called     collect_mounts to audit an unmounted path, it could     panic the system. With this flaw, an unprivileged user     could call umount(MNT_DETACH) to launch a     denial-of-service attack.(CVE-2015-4177i1/4%0

  - A flaw was found in the way the Linux kernel's floppy     driver handled user space provided data in certain     error code paths while processing FDRAWCMD IOCTL     commands. A local user with write access to /dev/fdX     could use this flaw to free (using the kfree()     function) arbitrary kernel memory. (CVE-2014-1737,     Important) was found that the Linux kernel's floppy     driver leaked internal kernel memory addresses to user     space during the processing of the FDRAWCMD IOCTL     command. A local user with write access to /dev/fdX     could use this flaw to obtain information about the     kernel heap arrangement. (CVE-2014-1738, Low)Note: A     local user with write access to /dev/fdX could use     these two flaws (CVE-2014-1737 in combination with     CVE-2014-1738) to escalate their privileges on the     system.(CVE-2014-1738i1/4%0

  - A reference counter leak in Linux kernel in     ipxitf_ioctl function was found which results in a use     after free vulnerability that's triggerable from     unprivileged userspace when IPX interface is     configured.(CVE-2017-7487i1/4%0

  - The x25_recvmsg function in net/x25/af_x25.c in the     Linux kernel before 3.12.4 updates a certain length     value without ensuring that an associated data     structure has been initialized, which allows local     users to obtain sensitive information from kernel     memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg     system call.(CVE-2013-7271i1/4%0

  - An inode data validation error was found in Linux     kernels built with UDF file system (CONFIG_UDF_FS)     support. An attacker able to mount a     corrupted/malicious UDF file system image could cause     the kernel to crash.(CVE-2015-4167i1/4%0

  - Double free vulnerability in the ioctx_alloc function     in fs/aio.c in the Linux kernel before 3.12.4 allows     local users to cause a denial of service (system crash)     or possibly have unspecified other impact via vectors     involving an error condition in the aio_setup_ring     function.(CVE-2013-7348i1/4%0

  - A flaw was found in the Linux kernel's implementation     of setsockopt for the SO_{SND|RCV}BUFFORCE setsockopt()     system call. Users with non-namespace CAP_NET_ADMIN are     able to trigger this call and create a situation in     which the sockets sendbuff data size could be negative.
    This could adversely affect memory allocations and     create situations where the system could crash or cause     memory corruption.(CVE-2016-9793i1/4%0

  - Use-after-free vulnerability in the     ffs_user_copy_worker function in     drivers/usb/gadget/function/f_fs.c in the Linux kernel     before 4.5.3 allows local users to gain privileges by     accessing an I/O data structure after a certain     callback call. Due to the nature of the flaw, privilege     escalation cannot be fully ruled out, although we     believe it is unlikely.(CVE-2016-7912i1/4%0

  - A flaw was found in the way the get_dumpable() function     return value was interpreted in the ptrace subsystem of     the Linux kernel. When 'fs.suid_dumpable' was set to 2,     a local, unprivileged local user could use this flaw to     bypass intended ptrace restrictions and obtain     potentially sensitive information.(CVE-2013-2929i1/4%0

  - A DoS flaw was found for a Linux kernel built for the     x86 architecture which had the KVM virtualization     support(CONFIG_KVM) enabled. The kernel would be     vulnerable to a NULL pointer dereference flaw in Linux     kernel's kvm_apic_has_events() function while doing an     ioctl. An unprivileged user able to access the     '/dev/kvm' device could use this flaw to crash the     system kernel.(CVE-2015-4692i1/4%0

  - The intr function in sound/oss/msnd_pinnacle.c in the     Linux kernel through 4.11.7 allows local users to cause     a denial of service (over-boundary access) or possibly     have unspecified other impact by changing the value of     a message queue head pointer between two kernel reads     of that value, aka a 'double fetch'     vulnerability.(CVE-2017-9986i1/4%0

  - sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the     MSM QDSP6 audio driver for the Linux kernel 3.x, as     used in Qualcomm Innovation Center (QuIC) Android     contributions for MSM devices and other products,     allows attackers to cause a denial of service (buffer     over-read) or possibly have unspecified other impact     via a crafted application that makes an ioctl call     specifying many commands.(CVE-2016-2064i1/4%0

  - The digi_port_init function in     drivers/usb/serial/digi_acceleport.c in the Linux     kernel before 4.5.1 allows physically proximate     attackers to cause a denial of service (NULL pointer     dereference and system crash) via a crafted endpoints     value in a USB device descriptor.(CVE-2016-3140i1/4%0

  - In the Linux kernel through 4.14.13, the     rds_cmsg_atomic function in net/rds/rdma.c mishandles     cases where page pinning fails or an invalid address is     supplied, leading to an rds_atomic_free_op NULL pointer     dereference.(CVE-2018-5333i1/4%0

  - Multiple buffer underflows in the XFS implementation in     the Linux kernel through 3.12.1 allow local users to     cause a denial of service (memory corruption) or     possibly have unspecified other impact by leveraging     the CAP_SYS_ADMIN capability for a (1)     XFS_IOC_ATTRLIST_BY_HANDLE or (2)     XFS_IOC_ATTRLIST_BY_HANDLE_32 ioctl call with a crafted     length value, related to the xfs_attrlist_by_handle     function in fs/xfs/xfs_ioctl.c and the     xfs_compat_attrlist_by_handle function in     fs/xfs/xfs_ioctl32.c.(CVE-2013-6382i1/4%0

  - In the Linux kernel through 5.0.2, the function     inotify_update_existing_watch() in     fs/notify/inotify/inotify_user.c neglects to call     fsnotify_put_mark() with IN_MASK_CREATE after     fsnotify_find_mark(), which will cause a memory leak     (aka refcount leak). Finally, this will cause a denial     of service.(CVE-2019-9857i1/4%0

  - It was found that stacking a file system over procfs in     the Linux kernel could lead to a kernel stack overflow     due to deep nesting, as demonstrated by mounting     ecryptfs over procfs and creating a recursion by     mapping /proc/environ. An unprivileged, local user     could potentially use this flaw to escalate their     privileges on the system.(CVE-2016-1583i1/4%0

  - A heap-based buffer overflow vulnerability was found in     the Linux kernel's hiddev driver. This flaw could allow     a local attacker to corrupt kernel memory, possible     privilege escalation or crashing the     system.(CVE-2016-5829i1/4%0

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  - A flaw was found in the way the Linux kernel's SCTP     implementation validated INIT chunks when performing     Address Configuration Change (ASCONF). A remote     attacker could use this flaw to crash the system by     sending a specially crafted SCTP packet to trigger a     NULL pointer dereference on the system.(CVE-2014-7841)

  - It was found that reporting emulation failures to user     space could lead to either a local (CVE-2014-7842) or a     L2-i1/4zL1 (CVE-2010-5313) denial of service. In the case     of a local denial of service, an attacker must have     access to the MMIO area or be able to access an I/O     port. Please note that on certain systems, HPET is     mapped to userspace as part of vdso (vvar) and thus an     unprivileged user may generate MMIO transactions (and     enter the emulator) this way.(CVE-2014-7842)

  - The pivot_root implementation in fs/namespace.c in the     Linux kernel through 3.17 does not properly interact     with certain locations of a chroot directory, which     allows local users to cause a denial of service     (mount-tree loop) via . (dot) values in both arguments     to the pivot_root system call.(CVE-2014-7970)

  - The do_umount function in fs/namespace.c in the Linux     kernel through 3.17 does not require the CAP_SYS_ADMIN     capability for do_remount_sb calls that change the root     filesystem to read-only, which allows local users to     cause a denial of service (loss of writability) by     making certain unshare system calls, clearing the /     MNT_LOCKED flag, and making an MNT_FORCE umount system     call.(CVE-2014-7975)

  - A race condition flaw was found in the Linux kernel's     ext4 file system implementation that allowed a local,     unprivileged user to crash the system by simultaneously     writing to a file and toggling the O_DIRECT flag using     fcntl(F_SETFL) on that file.(CVE-2014-8086)

  - A flaw was found in the way the Linux kernel's     netfilter subsystem handled generic protocol tracking.
    As demonstrated in the Stream Control Transmission     Protocol (SCTP) case, a remote attacker could use this     flaw to bypass intended iptables rule restrictions when     the associated connection tracking module was not     loaded on the system.(CVE-2014-8160)

  - It was found that due to excessive files_lock locking,     a soft lockup could be triggered in the Linux kernel     when performing asynchronous I/O operations. A local,     unprivileged user could use this flaw to crash the     system.(CVE-2014-8172)

  - A NULL pointer dereference flaw was found in the way     the Linux kernel's madvise MADV_WILLNEED functionality     handled page table locking. A local, unprivileged user     could use this flaw to crash the system.(CVE-2014-8173)

  - It was found that the fix for CVE-2014-3601 was     incomplete: the Linux kernel's kvm_iommu_map_pages()     function still handled IOMMU mapping failures     incorrectly. A privileged user in a guest with an     assigned host device could use this flaw to crash the     host.(CVE-2014-8369)

  - The instruction decoder in arch/x86/kvm/emulate.c in     the KVM subsystem in the Linux kernel before 3.18-rc2     lacks intended decoder-table flags for certain     RIP-relative instructions, which allows guest OS users     to cause a denial of service (NULL pointer dereference     and host OS crash) via a crafted     application.(CVE-2014-8480)

  - The instruction decoder in arch/x86/kvm/emulate.c in     the KVM subsystem in the Linux kernel before 3.18-rc2     does not properly handle invalid instructions, which     allows guest OS users to cause a denial of service     (NULL pointer dereference and host OS crash) via a     crafted application that triggers (1) an improperly     fetched instruction or (2) an instruction that occupies     too many bytes. NOTE: this vulnerability exists because     of an incomplete fix for CVE-2014-8480.(CVE-2014-8481)

  - A flaw was found in the way the Linux kernel's VFS     subsystem handled file system locks. A local,     unprivileged user could use this flaw to trigger a     deadlock in the kernel, causing a denial of service on     the system.(CVE-2014-8559)

  - An information leak flaw was found in the Linux     kernel's IEEE 802.11 wireless networking     implementation. When software encryption was used, a     remote attacker could use this flaw to leak up to 8     bytes of plaintext.(CVE-2014-8709)

  - A stack-based buffer overflow flaw was found in the     TechnoTrend/Hauppauge DEC USB device driver. A local     user with write access to the corresponding device     could use this flaw to crash the kernel or,     potentially, elevate their privileges on the     system.(CVE-2014-8884)

  - The do_double_fault function in arch/x86/kernel/traps.c     in the Linux kernel through 3.17.4 does not properly     handle faults associated with the Stack Segment (SS)     segment register, which allows local users to cause a     denial of service (panic) via a modify_ldt system call,     as demonstrated by sigreturn_32 in the     linux-clock-tests test suite.(CVE-2014-9090)

  - A flaw was found in the way the Linux kernel handled GS     segment register base switching when recovering from a     #SS (stack segment) fault on an erroneous return to     user space. A local, unprivileged user could use this     flaw to escalate their privileges on the     system.(CVE-2014-9322)

  - An information leak flaw was found in the way the Linux     kernel changed certain segment registers and     thread-local storage (TLS) during a context switch. A     local, unprivileged user could use this flaw to leak     the user space TLS base address of an arbitrary     process.(CVE-2014-9419)

  - It was found that the Linux kernel's ISO file system     implementation did not correctly limit the traversal of     Rock Ridge extension Continuation Entries (CE). An     attacker with physical access to the system could use     this flaw to trigger an infinite loop in the kernel,     resulting in a denial of service.(CVE-2014-9420)

  - A race condition flaw was found in the way the Linux     kernel keys management subsystem performed key garbage     collection. A local attacker could attempt accessing a     key while it was being garbage collected, which would     cause the system to crash.(CVE-2014-9529)

  - An information leak flaw was found in the way the Linux     kernel's ISO9660 file system implementation accessed     data on an ISO9660 image with RockRidge Extension     Reference (ER) records. An attacker with physical     access to the system could use this flaw to disclose up     to 255 bytes of kernel memory.(CVE-2014-9584)

  - An information leak flaw was found in the way the Linux     kernel's Virtual Dynamic Shared Object (vDSO)     implementation performed address randomization. A     local, unprivileged user could use this flaw to leak     kernel memory addresses to user-space.(CVE-2014-9585)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

* A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. (CVE-2015-0274, Important)

* It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause denial of service on the system.
(CVE-2014-3690, Moderate)

* A flaw was found in the way Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. (CVE-2014-3940, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-7825, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.
(CVE-2014-7826, Moderate)

* A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)

* A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system.
(CVE-2014-8160, Moderate)

* It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8172, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8173, Moderate)

* An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext. (CVE-2014-8709, Low)

* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system.
(CVE-2014-8884, Low)

* Users of kernel modules may need to upgrade the module to maintain compatibility.

The system must be rebooted for this update to take effect.

Updated kernel-rt packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. (CVE-2015-0274, Important)

* A flaw was found in the way the Linux kernel's splice() system call validated its parameters. On certain file systems, a local, unprivileged user could use this flaw to write past the maximum file size, and thus crash the system. (CVE-2014-7822, Moderate)

* A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)

* It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8172, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8173, Moderate)

Red Hat would like to thank Eric Windisch of the Docker project for reporting CVE-2015-0274, and Akira Fujita of NEC for reporting CVE-2014-7822.

Bug fixes :

* A patch removing the xt_connlimit revision zero ABI was not reverted in the kernel-rt package, which caused problems because the iptables package requires this revision. A patch to remove the xt_connlimit revision 0 was reverted from the kernel-rt sources to allow the iptables command to execute correctly. (BZ#1169755)

* With an older Mellanox Connect-IB (mlx4) driver present in the MRG Realtime kernel, a race condition could occur that would cause a loss of connection. The mlx4 driver was updated, resolving the race condition and allowing proper connectivity. (BZ#1182246)

* The MRG Realtime kernel did not contain the appropriate code to resume after a device failed, causing the volume status after a repair to not be properly updated. A 'refresh needed' was still listed in the 'lvs' output after executing the 'lvchange --refresh' command. A patch was added that adds the ability to correctly restore a transiently failed device upon resume. (BZ#1159803)

* The sosreport executable would hang when reading /proc/net/rpc/use-gss-proxy because of faulty wait_queue logic in the proc handler. This wait_queue logic was removed from the proc handler, allowing the reads to correctly return the current state. (BZ#1169900)

Enhancements :

* The MRG Realtime kernel-rt sources have been modified to take advantage of the updated 3.10 kernel sources that are available with the Red Hat Enterprise Linux 7 releases. (BZ#1172844)

* The MRG Realtime version of the e1000e driver has been updated to provide support for the Intel I218-LM network adapter. (BZ#1191767)

* The MRG Realtime kernel was updated to provide support for the Mellanox Connect-IB (mlx5). (BZ#1171363)

* The rt-firmware package has been updated to provide additional firmware files required by the new version of the Red Hat Enterprise MRG 2.5 kernel (BZ#1184251)

All kernel-rt users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the first regular update.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. (CVE-2015-0274, Important)

* It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause denial of service on the system.
(CVE-2014-3690, Moderate)

* A flaw was found in the way Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. (CVE-2014-3940, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-7825, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.
(CVE-2014-7826, Moderate)

* A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)

* A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system.
(CVE-2014-8160, Moderate)

* It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8172, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8173, Moderate)

* An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext. (CVE-2014-8709, Low)

* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system.
(CVE-2014-8884, Low)

Red Hat would like to thank Eric Windisch of the Docker project for reporting CVE-2015-0274, Andy Lutomirski for reporting CVE-2014-3690, and Robert Święcki for reporting CVE-2014-7825 and CVE-2014-7826.

This update also fixes several hundred bugs and adds numerous enhancements. Refer to the Red Hat Enterprise Linux 7.1 Release Notes for information on the most significant of these changes, and the following Knowledgebase article for further information:
https://access.redhat.com/articles/1352803

All Red Hat Enterprise Linux 7 users are advised to install these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

Updated kernel packages that fix multiple security issues, address several hundred bugs, and add numerous enhancements are now available as part of the ongoing support and maintenance of Red Hat Enterprise Linux version 7. This is the first regular update.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's XFS file system handled replacing of remote attributes under certain conditions. A local user with access to XFS file system mount could potentially use this flaw to escalate their privileges on the system. (CVE-2015-0274, Important)

* It was found that the Linux kernel's KVM implementation did not ensure that the host CR4 control register value remained unchanged across VM entries on the same virtual CPU. A local, unprivileged user could use this flaw to cause denial of service on the system.
(CVE-2014-3690, Moderate)

* A flaw was found in the way Linux kernel's Transparent Huge Pages (THP) implementation handled non-huge page migration. A local, unprivileged user could use this flaw to crash the kernel by migrating transparent hugepages. (CVE-2014-3940, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's perf subsystem. A local, unprivileged user could use this flaw to crash the system.
(CVE-2014-7825, Moderate)

* An out-of-bounds memory access flaw was found in the syscall tracing functionality of the Linux kernel's ftrace subsystem. On a system with ftrace syscall tracing enabled, a local, unprivileged user could use this flaw to crash the system, or escalate their privileges.
(CVE-2014-7826, Moderate)

* A race condition flaw was found in the Linux kernel's ext4 file system implementation that allowed a local, unprivileged user to crash the system by simultaneously writing to a file and toggling the O_DIRECT flag using fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)

* A flaw was found in the way the Linux kernel's netfilter subsystem handled generic protocol tracking. As demonstrated in the Stream Control Transmission Protocol (SCTP) case, a remote attacker could use this flaw to bypass intended iptables rule restrictions when the associated connection tracking module was not loaded on the system.
(CVE-2014-8160, Moderate)

* It was found that due to excessive files_lock locking, a soft lockup could be triggered in the Linux kernel when performing asynchronous I/O operations. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8172, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADV_WILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-8173, Moderate)

* An information leak flaw was found in the Linux kernel's IEEE 802.11 wireless networking implementation. When software encryption was used, a remote attacker could use this flaw to leak up to 8 bytes of plaintext. (CVE-2014-8709, Low)

* A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge DEC USB device driver. A local user with write access to the corresponding device could use this flaw to crash the kernel or, potentially, elevate their privileges on the system.
(CVE-2014-8884, Low)

Red Hat would like to thank Eric Windisch of the Docker project for reporting CVE-2015-0274, Andy Lutomirski for reporting CVE-2014-3690, and Robert Swiecki for reporting CVE-2014-7825 and CVE-2014-7826.

This update also fixes several hundred bugs and adds numerous enhancements. Refer to the Red Hat Enterprise Linux 7.1 Release Notes for information on the most significant of these changes, and the following Knowledgebase article for further information:
https://access.redhat.com/articles/1352803

All Red Hat Enterprise Linux 7 users are advised to install these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

ID	Name	Product	Family	Severity
124988	EulerOS Virtualization for ARM 64 3.0.1.0 : kernel (EulerOS-SA-2019-1535)	Nessus	Huawei Local Security Checks	high
124807	EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1483)	Nessus	Huawei Local Security Checks	high
82254	Scientific Linux Security Update : kernel on SL7.x x86_64 (20150305)	Nessus	Scientific Linux Local Security Checks	high
81905	RHEL 6 : MRG (RHSA-2015:0694)	Nessus	Red Hat Local Security Checks	high
81885	CentOS 7 : kernel (CESA-2015:0290)	Nessus	CentOS Local Security Checks	high
81626	RHEL 7 : kernel (RHSA-2015:0290)	Nessus	Red Hat Local Security Checks	high

CVE-2014-8172

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins