RHEL 6 : kernel (RHSA-2013:1519)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kernel packages that fix two security issues and several bugs
are now available for Red Hat Enterprise Linux 6.2 Extended Update
Support.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS)
base scores, which give detailed severity ratings, are available for
each vulnerability from the CVE links in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

* A race condition was found in the way asynchronous I/O and
fallocate() interacted when using the ext4 file system. A local,
unprivileged user could use this flaw to expose random data from an
extent whose data blocks have not yet been written, and thus contain
data from a deleted file. (CVE-2012-4508, Important)

* An information leak flaw was found in the way Linux kernel's device
mapper subsystem, under certain conditions, interpreted data written
to snapshot block devices. An attacker could use this flaw to read
data from disk blocks in free space, which are normally inaccessible.
(CVE-2013-4299, Moderate)

Red Hat would like to thank Theodore Ts'o for reporting CVE-2012-4508,
and Fujitsu for reporting CVE-2013-4299. Upstream acknowledges Dmitry
Monakhov as the original reporter of CVE-2012-4508.

This update also fixes the following bugs :

* When the Audit subsystem was under heavy load, it could loop
infinitely in the audit_log_start() function instead of failing over
to the error recovery code. This would cause soft lockups in the
kernel. With this update, the timeout condition in the
audit_log_start() function has been modified to properly fail over
when necessary. (BZ#1017898)

* When handling Memory Type Range Registers (MTRRs), the
stop_one_cpu_nowait() function could potentially be executed in
parallel with the stop_machine() function, which resulted in a
deadlock. The MTRR handling logic now uses the stop_machine() function
and makes use of mutual exclusion to avoid the aforementioned
deadlock. (BZ#1017902)

* Power-limit notification interrupts were enabled by default. This
could lead to degradation of system performance or even render the
system unusable on certain platforms, such as Dell PowerEdge servers.
Power-limit notification interrupts have been disabled by default and
a new kernel command line parameter 'int_pln_enable' has been added to
allow users to observe these events using the existing system
counters. Power-limit notification messages are also no longer
displayed on the console. The affected platforms no longer suffer from
degraded system performance due to this problem. (BZ#1020519)

* Package level thermal and power limit events are not defined as MCE
errors for the x86 architecture. However, the mcelog utility
erroneously reported these events as MCE errors with the following
message :

kernel: [Hardware Error]: Machine check events logged

Package level thermal and power limit events are no longer reported as
MCE errors by mcelog. When these events are triggered, they are now
reported only in the respective counters in sysfs (specifically,
/sys/devices/system/cpu/cpu<number>/thermal_throttle/). (BZ#1021950)

* An insufficiently designed calculation in the CPU accelerator could
cause an arithmetic overflow in the set_cyc2ns_scale() function if the
system uptime exceeded 208 days prior to using kexec to boot into a
new kernel. This overflow led to a kernel panic on systems using the
Time Stamp Counter (TSC) clock source, primarily systems using Intel
Xeon E5 processors that do not reset TSC on soft power cycles. A patch
has been applied to modify the calculation so that this arithmetic
overflow and kernel panic can no longer occur under these
circumstances. (BZ#1024453)

All kernel users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues. The system
must be rebooted for this update to take effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2012-4508.html
https://www.redhat.com/security/data/cve/CVE-2013-4299.html
http://rhn.redhat.com/errata/RHSA-2013-1519.html

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 78978 ()

Bugtraq ID:

CVE ID: CVE-2012-4508
CVE-2013-4299

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now