Executive Summary

Summary
Title kernel security update
Information
Name RHSA-2014:0800 First vendor Publication 2014-06-26
Vendor RedHat Last vendor Modification 2014-06-26
Severity (Vendor) Important Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitability Sub Score NA
 

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Exploit Score 3.9 Authentication None Required

Detail

Problem Description:

Updated kernel packages that fix three security issues are now available for Red Hat Enterprise Linux 6.2 Extended Update Support.

The Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AUS (v. 6.2 server) - noarch, x86_64
Red Hat Enterprise Linux Server Optional AUS (v. 6.2) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux operating system.

* A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important)

* A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important)

* It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system.

Red Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153, and Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738. Google acknowledges Pinkie Pie as the original reporter of CVE-2014-3153.

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

4. Solution:

Before applying this update, make sure all previously released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/site/articles/11258

To install kernel packages manually, use "rpm -ivh [package]". Do not use "rpm -Uvh" as that will remove the running kernel binaries from your system. You may use "rpm -e" to remove old kernels after determining that the new kernel functions properly on your system.

5. Bugs fixed (https://bugzilla.redhat.com/):

1094299 - CVE-2014-1737 CVE-2014-1738 kernel: block: floppy: privilege escalation via FDRAWCMD floppy ioctl command
1103626 - CVE-2014-3153 kernel: futex: pi futexes requeue issue

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2014-0800.html

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-754 Improper Check for Unusual or Exceptional Conditions
33 % CWE-269 Improper Privilege Management
33 % CWE-200 Information Exposure

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:24204
 
Oval ID: oval:org.mitre.oval:def:24204
Title: RHSA-2014:0740: kernel security and bug fix update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) * It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low) Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system. * A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2013-7339, Moderate) Red Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738. This update also fixes the following bugs: * A bug in the futex system call could result in an overflow when passing a very large positive timeout. As a consequence, the FUTEX_WAIT operation did not work as intended and the system call was timing out immediately. A backported patch fixes this bug by limiting very large positive timeouts to the maximal supported value. (BZ#1091832) * A new Linux Security Module (LSM) functionality related to the setrlimit hooks should produce a warning message when used by a third party module that could not cope with it. 
However, due to a programming error, the kernel could print this warning message when a process was setting rlimits for a different process, or if rlimits were modified by another than the main thread even though there was no incompatible third party module. This update fixes the relevant code and ensures that the kernel handles this warning message correctly. (BZ#1092869) * Previously, the kernel was unable to detect KVM on system boot if the Hyper-V emulation was enabled. A patch has been applied to ensure that both KVM and Hyper-V hypervisors are now correctly detected during system boot. (BZ#1094152) * A function in the RPC code responsible for verifying whether cached credentials match the current process did not perform the check correctly. The code checked only whether the groups in the current process credentials appear in the same order as in the cached credentials but did not ensure that no other groups are present in the cached credentials. As a consequence, when accessing files in NFS mounts, a process with the same UID and GID as the original process but with a non-matching group list could have been granted an unauthorized access to a file, or under certain circumstances, the process could have been wrongly prevented from accessing the file. The incorrect test condition has been fixed and the problem can no longer occur. (BZ#1095062) * When being under heavy load, some Fibre Channel storage devices, such as Hitachi and HP Open-V series, can send a logout (LOGO) message to the host system. However, due to a bug in the lpfc driver, this could result in a loss of active paths to the storage and the paths could not be recovered without manual intervention. This update corrects the lpfc driver to ensure automatic recovery of the lost paths to the storage in this scenario. (BZ#1096061) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0740-00
CESA-2014:0740
CVE-2013-7339
CVE-2014-1737
CVE-2014-1738
Version: 3
Platform(s): Red Hat Enterprise Linux 5
CentOS Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24473
 
Oval ID: oval:org.mitre.oval:def:24473
Title: USN-2237-1 -- linux-lts-quantal vulnerability
Description: The system could be made to crash or run programs as an administrator.
Family: unix Class: patch
Reference(s): USN-2237-1
CVE-2014-3153
Version: 3
Platform(s): Ubuntu 12.04
Product(s): linux-lts-quantal
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24487
 
Oval ID: oval:org.mitre.oval:def:24487
Title: DSA-2928-1 linux-2.6 - security update
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, information leak or privilege escalation.
Family: unix Class: patch
Reference(s): DSA-2928-1
CVE-2014-0196
CVE-2014-1737
CVE-2014-1738
Version: 5
Platform(s): Debian GNU/Linux 6.0
Debian GNU/kFreeBSD 6.0
Product(s): linux-2.6
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24711
 
Oval ID: oval:org.mitre.oval:def:24711
Title: DSA-2950-1 openssl - security update
Description: Multiple vulnerabilities have been discovered in OpenSSL.
Family: unix Class: patch
Reference(s): DSA-2950-1
CVE-2014-0195
CVE-2014-0221
CVE-2014-0224
CVE-2014-3470
CVE-2014-3153
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): openssl
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24779
 
Oval ID: oval:org.mitre.oval:def:24779
Title: DSA-2949-1 linux - security update
Description: Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation.
Family: unix Class: patch
Reference(s): DSA-2949-1
CVE-2014-3144
CVE-2014-3145
CVE-2014-3153
Version: 3
Platform(s): Debian GNU/Linux 7.0
Debian GNU/kFreeBSD 7.0
Product(s): linux
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24916
 
Oval ID: oval:org.mitre.oval:def:24916
Title: ELSA-2014:0740: kernel security and bug fix update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) * It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low) Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system. * A NULL pointer dereference flaw was found in the rds_ib_laddr_check() function in the Linux kernel's implementation of Reliable Datagram Sockets (RDS). A local, unprivileged user could use this flaw to crash the system. (CVE-2013-7339, Moderate) Red Hat would like to thank Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738. This update also fixes the following bugs: * A bug in the futex system call could result in an overflow when passing a very large positive timeout. As a consequence, the FUTEX_WAIT operation did not work as intended and the system call was timing out immediately. A backported patch fixes this bug by limiting very large positive timeouts to the maximal supported value. (BZ#1091832) * A new Linux Security Module (LSM) functionality related to the setrlimit hooks should produce a warning message when used by a third party module that could not cope with it. 
However, due to a programming error, the kernel could print this warning message when a process was setting rlimits for a different process, or if rlimits were modified by another than the main thread even though there was no incompatible third party module. This update fixes the relevant code and ensures that the kernel handles this warning message correctly. (BZ#1092869) * Previously, the kernel was unable to detect KVM on system boot if the Hyper-V emulation was enabled. A patch has been applied to ensure that both KVM and Hyper-V hypervisors are now correctly detected during system boot. (BZ#1094152) * A function in the RPC code responsible for verifying whether cached credentials match the current process did not perform the check correctly. The code checked only whether the groups in the current process credentials appear in the same order as in the cached credentials but did not ensure that no other groups are present in the cached credentials. As a consequence, when accessing files in NFS mounts, a process with the same UID and GID as the original process but with a non-matching group list could have been granted an unauthorized access to a file, or under certain circumstances, the process could have been wrongly prevented from accessing the file. The incorrect test condition has been fixed and the problem can no longer occur. (BZ#1095062) * When being under heavy load, some Fibre Channel storage devices, such as Hitachi and HP Open-V series, can send a logout (LOGO) message to the host system. However, due to a bug in the lpfc driver, this could result in a loss of active paths to the storage and the paths could not be recovered without manual intervention. This update corrects the lpfc driver to ensure automatic recovery of the lost paths to the storage in this scenario. (BZ#1096061) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. 
The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): ELSA-2014:0740-00
CVE-2013-7339
CVE-2014-1737
CVE-2014-1738
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:24924
 
Oval ID: oval:org.mitre.oval:def:24924
Title: RHSA-2014:0771: kernel security and bug fix update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important) * A flaw was found in the way the Linux kernel's floppy driver handled user space provided data in certain error code paths while processing FDRAWCMD IOCTL commands. A local user with write access to /dev/fdX could use this flaw to free (using the kfree() function) arbitrary kernel memory. (CVE-2014-1737, Important) * It was found that the Linux kernel's floppy driver leaked internal kernel memory addresses to user space during the processing of the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use this flaw to obtain information about the kernel heap arrangement. (CVE-2014-1738, Low) Note: A local user with write access to /dev/fdX could use these two flaws (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their privileges on the system. * It was discovered that the proc_ns_follow_link() function did not properly return the LAST_BIND value in the last pathname component as is expected for procfs symbolic links, which could lead to excessive freeing of memory and consequent slab corruption. A local, unprivileged user could use this flaw to crash the system. (CVE-2014-0203, Moderate) * A flaw was found in the way the Linux kernel handled exceptions when user-space applications attempted to use the linkage stack. On IBM S/390 systems, a local, unprivileged user could use this flaw to crash the system. (CVE-2014-2039, Moderate) * An invalid pointer dereference flaw was found in the Marvell 8xxx Libertas WLAN (libertas) driver in the Linux kernel. 
A local user able to write to a file that is provided by the libertas driver and located on the debug file system (debugfs) could use this flaw to crash the system. Note: The debugfs file system must be mounted locally to exploit this issue. It is not mounted by default. (CVE-2013-6378, Low) * A denial of service flaw was discovered in the way the Linux kernel's SELinux implementation handled files with an empty SELinux security context. A local user who has the CAP_MAC_ADMIN capability could use this flaw to crash the system. (CVE-2014-1874, Low) Red Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153, Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738, and Vladimir Davydov of Parallels for reporting CVE-2014-0203. Google acknowledges Pinkie Pie as the original reporter of CVE-2014-3153. This update also fixes several bugs. Documentation for these changes will be available shortly from the Technical Notes document linked to in the References section. All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0771-00
CESA-2014:0771
CVE-2013-6378
CVE-2014-0203
CVE-2014-1737
CVE-2014-1738
CVE-2014-1874
CVE-2014-2039
CVE-2014-3153
Version: 3
Platform(s): Red Hat Enterprise Linux 6
CentOS Linux 6
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25045
 
Oval ID: oval:org.mitre.oval:def:25045
Title: SUSE-SU-2014:0775-1 -- Security update for Linux Kernel
Description: The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix a critical privilege escalation security issue: * CVE-2014-3153: The futex acquisition code in kernel/futex.c can be used to gain ring0 access via the futex syscall. This could be used for privilege escalation by non-root users. (bnc#880892) Security Issue reference: * CVE-2014-3153 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0775-1
CVE-2014-3153
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): Linux Kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25261
 
Oval ID: oval:org.mitre.oval:def:25261
Title: RHSA-2014:0786: kernel security, bug fix, and enhancement update (Important)
Description: The kernel packages contain the Linux kernel, the core of any Linux operating system. * A flaw was found in the way the Linux kernel's futex subsystem handled the requeuing of certain Priority Inheritance (PI) futexes. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-3153, Important) * A use-after-free flaw was found in the way the ping_init_sock() function of the Linux kernel handled the group_info reference counter. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-2851, Important) * Use-after-free and information leak flaws were found in the way the Linux kernel's floppy driver processed the FDRAWCMD IOCTL command. A local user with write access to /dev/fdX could use these flaws to escalate their privileges on the system. (CVE-2014-1737, CVE-2014-1738, Important) * It was found that the aio_read_events_ring() function of the Linux kernel's Asynchronous I/O (AIO) subsystem did not properly sanitize the AIO ring head received from user space. A local, unprivileged user could use this flaw to disclose random parts of the (physical) memory belonging to the kernel and/or other processes. (CVE-2014-0206, Moderate) * An out-of-bounds memory access flaw was found in the Netlink Attribute extension of the Berkeley Packet Filter (BPF) interpreter functionality in the Linux kernel's networking implementation. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space via a specially crafted socket filter. (CVE-2014-3144, CVE-2014-3145, Moderate) * An information leak flaw was found in the way the skb_zerocopy() function copied socket buffers (skb) that are backed by user-space buffers (for example vhost-net and Xen netback), potentially allowing an attacker to read data from those buffers. 
(CVE-2014-2568, Low) Red Hat would like to thank Kees Cook of Google for reporting CVE-2014-3153 and Matthew Daley for reporting CVE-2014-1737 and CVE-2014-1738. Google acknowledges Pinkie Pie as the original reporter of CVE-2014-3153. The CVE-2014-0206 issue was discovered by Mateusz Guzik of Red Hat. This update also fixes the following bugs: * Due to incorrect calculation of Tx statistics in the qlcninc driver, running the "ethtool -S ethX" command could trigger memory corruption. As a consequence, running the sosreport tool, that uses this command, resulted in a kernel panic. The problem has been fixed by correcting the said statistics calculation. (BZ#1104972) * When an attempt to create a file on the GFS2 file system failed due to a file system quota violation, the relevant VFS inode was not completely uninitialized. This could result in a list corruption error. This update resolves this problem by correctly uninitializing the VFS inode in this situation. (BZ#1097407) * Due to a race condition in the kernel, the getcwd() system call could return "/" instead of the correct full path name when querying a path name of a file or directory. Paths returned in the "/proc" file system could also be incorrect. This problem was causing instability of various applications. The aforementioned race condition has been fixed and getcwd() now always returns the correct paths. (BZ#1099048) In addition, this update adds the following enhancements: * The kernel mutex code has been improved. The changes include improved queuing of the MCS spin locks, the MCS code optimization, introduction of the cancellable MCS spin locks, and improved handling of mutexes without wait locks. (BZ#1103631, BZ#1103629) * The handling of the Virtual Memory Area (VMA) cache and huge page faults has been improved. (BZ#1103630) All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. 
The system must be rebooted for this update to take effect.
Family: unix Class: patch
Reference(s): RHSA-2014:0786-00
CVE-2014-0206
CVE-2014-1737
CVE-2014-1738
CVE-2014-2568
CVE-2014-2851
CVE-2014-3144
CVE-2014-3145
CVE-2014-3153
Version: 4
Platform(s): Red Hat Enterprise Linux 7
CentOS Linux 7
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25438
 
Oval ID: oval:org.mitre.oval:def:25438
Title: SUSE-SU-2014:0772-1 -- Security update for Linux Kernel
Description: The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS kernel has been updated to fix various security issues and several bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0772-1
CVE-2013-6382
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2014-1737
CVE-2014-1738
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): Linux Kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:25440
 
Oval ID: oval:org.mitre.oval:def:25440
Title: SUSE-SU-2014:0773-1 -- Security update for Linux Kernel
Description: The SUSE Linux Enterprise Server 10 Service Pack 4 LTSS kernel has been updated to fix various security issues and several bugs.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0773-1
CVE-2013-6382
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2014-1737
CVE-2014-1738
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): Linux Kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26071
 
Oval ID: oval:org.mitre.oval:def:26071
Title: SUSE-SU-2014:0837-2 -- Security update for Linux Kernel
Description: The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel was updated to fix a critical security issue.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0837-2
CVE-2014-3153
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): Linux Kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26111
 
Oval ID: oval:org.mitre.oval:def:26111
Title: SUSE-SU-2014:0837-1 -- Security update for Linux Kernel
Description: The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel was updated to fix a critical security issue.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0837-1
CVE-2014-3153
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
Product(s): Linux Kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:26156
 
Oval ID: oval:org.mitre.oval:def:26156
Title: SUSE-SU-2014:0832-1 -- Security update for Linux Kernel
Description: The SUSE Linux Enterprise Server 10 SP3 LTSS received a roll up update to fix several security and non-security issues.
Family: unix Class: patch
Reference(s): SUSE-SU-2014:0832-1
CVE-2013-0343
CVE-2013-2888
CVE-2013-2893
CVE-2013-2897
CVE-2013-4470
CVE-2013-4483
CVE-2013-4588
CVE-2013-6382
CVE-2013-6383
CVE-2013-7263
CVE-2013-7264
CVE-2013-7265
CVE-2014-1444
CVE-2014-1445
CVE-2014-1446
CVE-2014-1737
CVE-2014-1738
Version: 3
Platform(s): SUSE Linux Enterprise Server 10
Product(s): Linux Kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27093
 
Oval ID: oval:org.mitre.oval:def:27093
Title: ELSA-2014-3039 -- Unbreakable Enterprise kernel security update (important)
Description: kernel-uek [2.6.32-400.36.2uek] - futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} - futex: Forbid uaddr1 == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918736] {CVE-2014-3153} {CVE-2014-3153}
Family: unix Class: patch
Reference(s): ELSA-2014-3039
CVE-2014-3153
Version: 5
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
mlnx_en
ofa
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
kernel-uek-headers
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27112
 
Oval ID: oval:org.mitre.oval:def:27112
Title: ELSA-2014-3038 -- unbreakable enterprise kernel security update (important)
Description: [2.6.39-400.215.2] - futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} - futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} - futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} - futex: Forbid uaddr1 == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918614] {CVE-2014-3153} {CVE-2014-3153}
Family: unix Class: patch
Reference(s): ELSA-2014-3038
CVE-2014-3153
Version: 3
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27221
 
Oval ID: oval:org.mitre.oval:def:27221
Title: DEPRECATED: ELSA-2014-0740 -- kernel security and bug fix update (important)
Description: kernel [2.6.18-371.9.1] - [nfs] sunrpc: don't use a credential with extra groups (Mateusz Guzik) [1095062 976201] - [scsi] lpfc: Remove NDLP reference put in lpfc_cmpl_els_logo_acc (Rob Evers) [1096061 1075228] - [infiniband] rds: dereference of a NULL device (Jacob Tanenbaum) [1079216 1079217] {CVE-2013-7339} - [kernel] futex: check relative timeouts for overflow (Denys Vlasenko) [1091832 1084168] - [virt] kvm: correctly detect KVM when hv emulation is enalbed (Jason Wang) [1094152 985767] - [security] Fix spurious warnings in security_ops_task_setrlimit (Mateusz Guzik) [1092869 916235] - [block] floppy: don't write kernel-only members to FDRAWCMD output (Denys Vlasenko) [1094302 1094303] {CVE-2014-1738 CVE-2014-1737} - [block] floppy: ignore kernel-only members in FDRAWCMD input (Denys Vlasenko) [1094302 1094303] {CVE-2014-1738 CVE-2014-1737}
Family: unix Class: patch
Reference(s): ELSA-2014-0740
CVE-2013-7339
CVE-2014-1737
CVE-2014-1738
Version: 4
Platform(s): Oracle Linux 5
Product(s): kernel
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27316
 
Oval ID: oval:org.mitre.oval:def:27316
Title: ELSA-2014-3037 -- Unbreakable Enterprise kernel security update (important)
Description: kernel-uek [3.8.13-35.1.1.el6uek] - futex: Make lookup_pi_state more robust (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Always cleanup owner tid in unlock_pi (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Validate atomic acquisition in futex_lock_pi_atomic() (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} - futex: Forbid uaddr == uaddr2 in futex_requeue(..., requeue_pi=1) (Thomas Gleixner) [Orabug: 18918552] {CVE-2014-3153} {CVE-2014-3153}
Family: unix Class: patch
Reference(s): ELSA-2014-3037
CVE-2014-3153
Version: 5
Platform(s): Oracle Linux 6
Product(s): dtrace-modules
kernel-uek
dtrace-modules-headers
dtrace-modules-provider-headers
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:27323
 
Oval ID: oval:org.mitre.oval:def:27323
Title: ELSA-2014-0740-1 -- kernel security and bug fix update (important)
Description: kernel [2.6.18-371.9.1.0.1] - i386: fix MTRR code (Zhenzhong Duan) [orabug 15862649] - [oprofile] x86, mm: Add __get_user_pages_fast() [orabug 14277030] - [oprofile] export __get_user_pages_fast() function [orabug 14277030] - [oprofile] oprofile, x86: Fix nmi-unsafe callgraph support [orabug 14277030] - [oprofile] oprofile: use KM_NMI slot for kmap_atomic [orabug 14277030] - [oprofile] oprofile: i386 add get_user_pages_fast support [orabug 14277030] - [kernel] Initialize the local uninitialized variable stats. [orabug 14051367] - [fs] JBD:make jbd support 512B blocks correctly for ocfs2. [orabug 13477763] - [x86 ] fix fpu context corrupt when preempt in signal context [orabug 14038272] - [mm] fix hugetlb page leak (Dave McCracken) [orabug 12375075] - fix ia64 build error due to add-support-above-32-vcpus.patch(Zhenzhong Duan) - [x86] use dynamic vcpu_info remap to support more than 32 vcpus (Zhenzhong Duan) - [x86] Fix lvt0 reset when hvm boot up with noapic param - [scsi] remove printk's when doing I/O to a dead device (John Sobecki, Chris Mason) [orabug 12342275] - [char] ipmi: Fix IPMI errors due to timing problems (Joe Jin) [orabug 12561346] - [scsi] Fix race when removing SCSI devices (Joe Jin) [orabug 12404566] - [net] net: Redo the broken redhat netconsole over bonding (Tina Yang) [orabug 12740042] - [fs] nfs: Fix __put_nfs_open_context() NULL pointer panic (Joe Jin) [orabug 12687646] - fix filp_close() race (Joe Jin) [orabug 10335998] - make xenkbd.abs_pointer=1 by default [orabug 67188919] - [xen] check to see if hypervisor supports memory reservation change (Chuck Anderson) [orabug 7556514] - [net] Enable entropy for bnx2,bnx2x,e1000e,igb,ixgb,ixgbe,ixgbevf (John Sobecki) [orabug 10315433] - [NET] Add xen pv netconsole support (Tina Yang) [orabug 6993043] [bz 7258] - [mm] Patch shrink_zone to yield during severe mempressure events, avoiding hangs and evictions (John Sobecki,Chris Mason) [orabug 6086839] - [mm] Enhance shrink_zone patch allow 
full swap utilization, and also be NUMA-aware (John Sobecki,Chris Mason,Herbert van den Bergh) [orabug 9245919] - fix aacraid not to reset during kexec (Joe Jin) [orabug 8516042] - [xen] PVHVM guest with PoD crashes under memory pressure (Chuck Anderson) [orabug 9107465] - [xen] PV guest with FC HBA hangs during shutdown (Chuck Anderson) [orabug 9764220] - Support 256GB+ memory for pv guest (Mukesh Rathor) [orabug 9450615] - fix overcommit memory to use percpu_counter for (KOSAKI Motohiro, Guru Anbalagane) [orabug 6124033] - [ipmi] make configurable timeouts for kcs of ipmi [orabug 9752208] - [ib] fix memory corruption (Andy Grover) [orabug 9972346] - [usb] USB: fix __must_check warnings in drivers/usb/core/ (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix endpoint device creation (Junxiao Bi) [orabug 14795203] - [usb] usbcore: fix refcount bug in endpoint removal (Junxiao Bi) [orabug 14795203]
Family: unix Class: patch
Reference(s): ELSA-2014-0740-1
CVE-2013-7339
CVE-2014-1737
CVE-2014-1738
Version: 5
Platform(s): Oracle Linux 5
Product(s): kernel
ocfs2
oracleasm
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel
Definition Id: oval:org.mitre.oval:def:27352
 
Oval ID: oval:org.mitre.oval:def:27352
Title: ELSA-2014-3041 -- unbreakable enterprise kernel security update (important)
Description: kernel-uek [3.8.13-35.1.2.el6uek]
- floppy: don't write kernel-only members to FDRAWCMD ioctl output (Matthew Daley) [Orabug: 19028443] {CVE-2014-1738}
- floppy: ignore kernel-only members in FDRAWCMD ioctl input (Matthew Daley) [Orabug: 19028436] {CVE-2014-1737}
Family: unix Class: patch
Reference(s): ELSA-2014-3041
CVE-2014-1737
CVE-2014-1738
Version: 5
Platform(s): Oracle Linux 6
Product(s): dtrace-modules
kernel-uek
kernel-uek-debug
kernel-uek-debug-devel
kernel-uek-devel
kernel-uek-doc
kernel-uek-firmware

CPE : Common Platform Enumeration

Type Description Count
Application 1
Os 2
Os 2079
Os 1
Os 2
Os 2
Os 1
Os 1
Os 1
Os 1
Os 4

SAINT Exploits

Description Link
Linux kernel futex_requeue privilege elevation More info here

ExploitDB Exploits

id Description
2014-11-25 Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406

Nessus® Vulnerability Scanner

Date Description
2017-04-03 Name : The remote OracleVM host is missing one or more security updates.
File : oraclevm_OVMSA-2017-0057.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0832-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0773-1.nasl - Type : ACT_GATHER_INFO
2015-05-20 Name : The remote SUSE host is missing one or more security updates.
File : suse_SU-2014-0772-1.nasl - Type : ACT_GATHER_INFO
2015-03-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2015-0290.nasl - Type : ACT_GATHER_INFO
2014-11-17 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0801.nasl - Type : ACT_GATHER_INFO
2014-11-11 Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2014-0815.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0900.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0800.nasl - Type : ACT_GATHER_INFO
2014-11-08 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0772.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-bigsmp-201409-140924.nasl - Type : ACT_GATHER_INFO
2014-10-23 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140924.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-392.nasl - Type : ACT_GATHER_INFO
2014-10-12 Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2014-363.nasl - Type : ACT_GATHER_INFO
2014-08-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3070.nasl - Type : ACT_GATHER_INFO
2014-07-30 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0786.nasl - Type : ACT_GATHER_INFO
2014-07-24 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0786.nasl - Type : ACT_GATHER_INFO
2014-07-23 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0913.nasl - Type : ACT_GATHER_INFO
2014-07-22 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0557.nasl - Type : ACT_GATHER_INFO
2014-07-02 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-451.nasl - Type : ACT_GATHER_INFO
2014-06-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2260-1.nasl - Type : ACT_GATHER_INFO
2014-06-26 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-441.nasl - Type : ACT_GATHER_INFO
2014-06-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3042.nasl - Type : ACT_GATHER_INFO
2014-06-23 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0771.nasl - Type : ACT_GATHER_INFO
2014-06-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3041.nasl - Type : ACT_GATHER_INFO
2014-06-23 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3043.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140619_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0771.nasl - Type : ACT_GATHER_INFO
2014-06-20 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0771.nasl - Type : ACT_GATHER_INFO
2014-06-17 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7320.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-375.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0740-1.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote openSUSE host is missing a security update.
File : openSUSE-2014-376.nasl - Type : ACT_GATHER_INFO
2014-06-13 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-124.nasl - Type : ACT_GATHER_INFO
2014-06-12 Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20140610_kernel_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2014-06-12 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-0740.nasl - Type : ACT_GATHER_INFO
2014-06-12 Name : The remote Fedora host is missing a security update.
File : fedora_2014-7128.nasl - Type : ACT_GATHER_INFO
2014-06-12 Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2014-0740.nasl - Type : ACT_GATHER_INFO
2014-06-11 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140604.nasl - Type : ACT_GATHER_INFO
2014-06-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2014-0740.nasl - Type : ACT_GATHER_INFO
2014-06-09 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3039.nasl - Type : ACT_GATHER_INFO
2014-06-09 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3038.nasl - Type : ACT_GATHER_INFO
2014-06-09 Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2014-3037.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2235-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2949.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2950.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2233-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2234-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2237-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2238-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2239-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2240-1.nasl - Type : ACT_GATHER_INFO
2014-06-06 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2241-1.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2228-1.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2226-1.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2225-1.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2224-1.nasl - Type : ACT_GATHER_INFO
2014-05-28 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2223-1.nasl - Type : ACT_GATHER_INFO
2014-05-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2221-1.nasl - Type : ACT_GATHER_INFO
2014-05-27 Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2220-1.nasl - Type : ACT_GATHER_INFO
2014-05-27 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-2219-1.nasl - Type : ACT_GATHER_INFO
2014-05-22 Name : The remote Fedora host is missing a security update.
File : fedora_2014-6354.nasl - Type : ACT_GATHER_INFO
2014-05-19 Name : The remote Fedora host is missing a security update.
File : fedora_2014-6357.nasl - Type : ACT_GATHER_INFO
2014-05-16 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2928.nasl - Type : ACT_GATHER_INFO
2014-05-16 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_kernel-140513.nasl - Type : ACT_GATHER_INFO
2014-05-13 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2926.nasl - Type : ACT_GATHER_INFO

Alert History

Date Informations
2014-11-08 13:32:08
  • Multiple Updates
2014-06-26 21:24:10
  • First insertion