openSUSE Security Update : kernel (openSUSE-SU-2014:0840-1)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

The Linux kernel was updated to fix security issues and bugs.

Security issues fixed:

CVE-2014-3153: The futex_requeue function in kernel/futex.c in the
Linux kernel did not ensure that calls have two different futex
addresses, which allowed local users to gain privileges via a crafted
FUTEX_REQUEUE command that facilitates unsafe waiter modification.

CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST
extension implementations in the sk_run_filter function in
net/core/filter.c in the Linux kernel did not check whether a certain
length value is sufficiently large, which allowed local users to cause
a denial of service (integer underflow and system crash) via crafted
BPF instructions. NOTE: the affected code was moved to the
__skb_get_nlattr and __skb_get_nlattr_nest functions before the
vulnerability was announced.

CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in
the sk_run_filter function in net/core/filter.c in the Linux kernel
used the reverse order in a certain subtraction, which allowed local
users to cause a denial of service (over-read and system crash) via
crafted BPF instructions. NOTE: the affected code was moved to the
__skb_get_nlattr_nest function before the vulnerability was announced.
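
The two length checks described for CVE-2014-3144 and CVE-2014-3145, as an added user-space model (not kernel source and not part of the original advisory). struct pkt, struct attr_hdr, the function names and the hardened flag are hypothetical stand-ins for the sk_buff, struct nlattr and BPF register A.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

struct attr_hdr { uint16_t len; uint16_t type; };   /* models struct nlattr */
struct pkt { const uint8_t *data; uint32_t len; };  /* models the sk_buff */

/* CVE-2014-3144 pattern: off is chosen by the filter program. Without the
 * first test, p->len - sizeof(hdr) wraps to a huge unsigned value when the
 * packet is shorter than one header, so every offset is accepted. */
int attr_offset_ok(const struct pkt *p, uint32_t off, int hardened)
{
    if (hardened && p->len < sizeof(struct attr_hdr))
        return 0;
    return off <= p->len - sizeof(struct attr_hdr);
}

/* CVE-2014-3145 pattern: the nested attribute's own length must fit in the
 * bytes remaining after off. The reversed subtraction (off - p->len) wraps
 * and accepts any length, which is what permits the over-read. */
int nested_len_ok(const struct pkt *p, uint32_t off, int hardened)
{
    struct attr_hdr h;
    if (!attr_offset_ok(p, off, 1))
        return 0;
    memcpy(&h, p->data + off, sizeof(h));
    uint32_t remaining = hardened ? p->len - off : off - p->len;
    return h.len <= remaining;
}

int main(void)
{
    /* Constructed samples: a 2-byte packet, and an 8-byte packet whose
     * attribute header claims a length of 0xFFFF. */
    uint8_t tiny_buf[2] = {0}, buf[8] = {0};
    struct attr_hdr h = { 0xFFFF, 1 };
    memcpy(buf, &h, sizeof(h));
    struct pkt tiny = { tiny_buf, 2 }, p = { buf, 8 };

    printf("short packet, offset 1000: unchecked=%d hardened=%d\n",
           attr_offset_ok(&tiny, 1000, 0), attr_offset_ok(&tiny, 1000, 1));
    printf("oversized nested length:   reversed=%d hardened=%d\n",
           nested_len_ok(&p, 0, 0), nested_len_ok(&p, 0, 1));
    return 0;
}
```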

CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable
buffers are disabled, did not properly validate packet lengths, which
allowed guest OS users to cause a denial of service (memory corruption
and host OS crash) or possibly gain privileges on the host OS via
crafted packets, related to the handle_rx and get_rx_bufs functions.

CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the
vhost-net subsystem in the Linux kernel package did not properly
handle vhost_get_vq_desc errors, which allowed guest OS users to cause
a denial of service (host OS crash) via unspecified vectors.

CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the
Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified
other impact via a bind system call for an RDS socket on a system that
lacks RDS transports.

CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the
Linux kernel allowed local users to cause a denial of service (NULL
pointer dereference and system crash) or possibly have unspecified
other impact via a bind system call for an RDS socket on a system that
lacks RDS transports.

CVE-2014-2851: Integer overflow in the ping_init_sock function in
net/ipv4/ping.c in the Linux kernel allowed local users to cause a
denial of service (use-after-free and system crash) or possibly gain
privileges via a crafted application that leverages an improperly
managed reference counter.

- ext4: Fix buffer double free in ext4_alloc_branch()
(bnc#880599 bnc#876981).

- patches.fixes/firewire-01-net-fix-use-after-free.patch,
patches.fixes/firewire-02-ohci-fix-probe-failure-with-agere-lsi-controllers.patch,
patches.fixes/firewire-03-dont-use-prepare_delayed_work.patch:
Add missing bug reference (bnc#881697).

- firewire: don't use PREPARE_DELAYED_WORK.

- firewire: ohci: fix probe failure with Agere/LSI
controllers.

- firewire: net: fix use after free.

- USB: OHCI: fix problem with global suspend on ATI
controllers (bnc#868315).

- mm: revert 'page-writeback.c: subtract min_free_kbytes
from dirtyable memory' (bnc#879792).

- usb: musb: tusb6010: Use musb->tusb_revision instead of
tusb_get_revision call (bnc#872715).

- usb: musb: tusb6010: Add tusb_revision to struct musb to
store the revision (bnc#872715).

- ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets
(bnc#880613).

- floppy: do not corrupt bio.bi_flags when reading block 0
(bnc#879258).

- reiserfs: call truncate_setsize under tailpack mutex
(bnc#878115).

- Update Xen config files: Set compatibility level back to
4.1 (bnc#851338).

- Update config files. Guillaume GARDET reported a broken
build due to CONFIG_USB_SERIAL_GENERIC being modular.

- memcg: deprecate memory.force_empty knob (bnc#878274).

- nfsd: when reusing an existing repcache entry, unhash it
first (bnc#877721).

- Enable Socketcan again for i386 and x86_64 (bnc#858067).

- xhci: extend quirk for Renesas cards (bnc#877713).

- xhci: Fix resume issues on Renesas chips in Samsung
laptops (bnc#877713).

- mm: try_to_unmap_cluster() should lock_page() before
mlocking (bnc#876102, CVE-2014-3122).

- drm/i915, HD-audio: Don't continue probing when
nomodeset is given (bnc#882648).

- x86/mm/numa: Fix 32-bit kernel NUMA boot (bnc#881727).

See also :

http://lists.opensuse.org/opensuse-updates/2014-06/msg00050.html
https://bugzilla.novell.com/show_bug.cgi?id=851338
https://bugzilla.novell.com/show_bug.cgi?id=858067
https://bugzilla.novell.com/show_bug.cgi?id=868315
https://bugzilla.novell.com/show_bug.cgi?id=869563
https://bugzilla.novell.com/show_bug.cgi?id=870173
https://bugzilla.novell.com/show_bug.cgi?id=870576
https://bugzilla.novell.com/show_bug.cgi?id=871561
https://bugzilla.novell.com/show_bug.cgi?id=872715
https://bugzilla.novell.com/show_bug.cgi?id=873374
https://bugzilla.novell.com/show_bug.cgi?id=876102
https://bugzilla.novell.com/show_bug.cgi?id=876981
https://bugzilla.novell.com/show_bug.cgi?id=877257
https://bugzilla.novell.com/show_bug.cgi?id=877713
https://bugzilla.novell.com/show_bug.cgi?id=877721
https://bugzilla.novell.com/show_bug.cgi?id=878115
https://bugzilla.novell.com/show_bug.cgi?id=878274
https://bugzilla.novell.com/show_bug.cgi?id=879258
https://bugzilla.novell.com/show_bug.cgi?id=879792
https://bugzilla.novell.com/show_bug.cgi?id=880599
https://bugzilla.novell.com/show_bug.cgi?id=880613
https://bugzilla.novell.com/show_bug.cgi?id=880892
https://bugzilla.novell.com/show_bug.cgi?id=881697
https://bugzilla.novell.com/show_bug.cgi?id=881727
https://bugzilla.novell.com/show_bug.cgi?id=882648

Solution :

Update the affected kernel packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.6
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true
