Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-5238

Kernel update [RHEL6.5 2.6.32-431.20.3.el6]

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Lustre 2.6.0
    • Fix Version/s: Lustre 2.6.0
    • Labels:
      None
    • Severity:
      3
    • Rank (Obsolete):
      14604

      Description

      • A flaw was found in the way the Linux kernel's futex subsystem handled
        the requeuing of certain Priority Inheritance (PI) futexes. A local,
        unprivileged user could use this flaw to escalate their privileges on the
        system. (CVE-2014-3153, Important)
      • A flaw was found in the way the Linux kernel's floppy driver handled user
        space provided data in certain error code paths while processing FDRAWCMD
        IOCTL commands. A local user with write access to /dev/fdX could use this
        flaw to free (using the kfree() function) arbitrary kernel memory.
        (CVE-2014-1737, Important)
      • It was found that the Linux kernel's floppy driver leaked internal kernel
        memory addresses to user space during the processing of the FDRAWCMD IOCTL
        command. A local user with write access to /dev/fdX could use this flaw to
        obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)

      Note: A local user with write access to /dev/fdX could use these two flaws
      (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their
      privileges on the system.

      • It was discovered that the proc_ns_follow_link() function did not
        properly return the LAST_BIND value in the last pathname component as is
        expected for procfs symbolic links, which could lead to excessive freeing
        of memory and consequent slab corruption. A local, unprivileged user could
        use this flaw to crash the system. (CVE-2014-0203, Moderate)
      • A flaw was found in the way the Linux kernel handled exceptions when
        user-space applications attempted to use the linkage stack. On IBM S/390
        systems, a local, unprivileged user could use this flaw to crash the
        system. (CVE-2014-2039, Moderate)
      • An invalid pointer dereference flaw was found in the Marvell 8xxx
        Libertas WLAN (libertas) driver in the Linux kernel. A local user able to
        write to a file that is provided by the libertas driver and located on the
        debug file system (debugfs) could use this flaw to crash the system. Note:
        The debugfs file system must be mounted locally to exploit this issue.
        It is not mounted by default. (CVE-2013-6378, Low)
      • A denial of service flaw was discovered in the way the Linux kernel's
        SELinux implementation handled files with an empty SELinux security
        context. A local user who has the CAP_MAC_ADMIN capability could use this
        flaw to crash the system. (CVE-2014-1874, Low)

        Attachments

          Activity

            People

            • Assignee:
              bogl Bob Glossman (Inactive)
              Reporter:
              bogl Bob Glossman (Inactive)
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: