New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 9.4
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThe Linux kernel was updated to fix security issues and bugs.
Security issues fixed: CVE-2014-3153: The futex_requeue function in kernel/futex.c in the Linux kernel did not ensure that calls have two different futex addresses, which allowed local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2) BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter function in net/core/filter.c in the Linux kernel did not check whether a certain length value is sufficiently large, which allowed local users to cause a denial of service (integer underflow and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the
__skb_get_nlattr and __skb_get_nlattr_nest functions before the vulnerability was announced.
CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel used the reverse order in a certain subtraction, which allowed local users to cause a denial of service (over-read and system crash) via crafted BPF instructions. NOTE: the affected code was moved to the
__skb_get_nlattr_nest function before the vulnerability was announced.
CVE-2014-0077: drivers/vhost/net.c in the Linux kernel, when mergeable buffers are disabled, did not properly validate packet lengths, which allowed guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.
CVE-2014-0055: The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package did not properly handle vhost_get_vq_desc errors, which allowed guest OS users to cause a denial of service (host OS crash) via unspecified vectors.
CVE-2014-2678: The rds_iw_laddr_check function in net/rds/iw.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
CVE-2013-7339: The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via a bind system call for an RDS socket on a system that lacks RDS transports.
CVE-2014-2851: Integer overflow in the ping_init_sock function in net/ipv4/ping.c in the Linux kernel allowed local users to cause a denial of service (use-after-free and system crash) or possibly gain privileges via a crafted application that leverages an improperly managed reference counter.
- ext4: Fix buffer double free in ext4_alloc_branch() (bnc#880599 bnc#876981).
- patches.fixes/firewire-01-net-fix-use-after-free.patch, patches.fixes/firewire-02-ohci-fix-probe-failure-with-ag ere-lsi-controllers.patch, patches.fixes/firewire-03-dont-use-prepare_delayed_work.
patch: Add missing bug reference (bnc#881697).
- firewire: don't use PREPARE_DELAYED_WORK.
- firewire: ohci: fix probe failure with Agere/LSI controllers.
- firewire: net: fix use after free.
- USB: OHCI: fix problem with global suspend on ATI controllers (bnc#868315).
- mm: revert 'page-writeback.c: subtract min_free_kbytes from dirtyable memory' (bnc#879792).
- usb: musb: tusb6010: Use musb->tusb_revision instead of tusb_get_revision call (bnc#872715).
- usb: musb: tusb6010: Add tusb_revision to struct musb to store the revision (bnc#872715).
- ALSA: hda - Fix onboard audio on Intel H97/Z97 chipsets (bnc#880613).
- floppy: do not corrupt bio.bi_flags when reading block 0 (bnc#879258).
- reiserfs: call truncate_setsize under tailpack mutex (bnc#878115).
- Update Xen config files: Set compatibility level back to 4.1 (bnc#851338).
- Update config files. Guillaume GARDET reported a broken build due to CONFIG_USB_SERIAL_GENERIC being modular
- memcg: deprecate memory.force_empty knob (bnc#878274).
- nfsd: when reusing an existing repcache entry, unhash it first (bnc#877721).
- Enable Socketcan again for i386 and x86_64 (bnc#858067)
- xhci: extend quirk for Renesas cards (bnc#877713).
- xhci: Fix resume issues on Renesas chips in Samsung laptops (bnc#877713).
- mm: try_to_unmap_cluster() should lock_page() before mlocking (bnc#876102, CVE-2014-3122).
- drm/i915, HD-audio: Don't continue probing when nomodeset is given (bnc#882648).
- x86/mm/numa: Fix 32-bit kernel NUMA boot (bnc#881727).
SolutionUpdate the affected kernel packages.