Details
- Bug
- Resolution: Fixed
- Minor
- None
- None
- 3
- 15662
Description
- A flaw was found in the way the Linux kernel's futex subsystem handled
reference counting when requeuing futexes during futex_wait(). A local,
unprivileged user could use this flaw to zero out the reference counter of
an inode or an mm struct that backs the memory area of the futex, which
could lead to a use-after-free flaw, resulting in a system crash or,
potentially, privilege escalation. (CVE-2014-0205, Important)
- A NULL pointer dereference flaw was found in the way the Linux kernel's
networking implementation handled logging while processing certain invalid
packets coming in via a VxLAN interface. A remote attacker could use this
flaw to crash the system by sending a specially crafted packet to such an
interface. (CVE-2014-3535, Important)
- An out-of-bounds memory access flaw was found in the Linux kernel's
system call auditing implementation. On a system with existing audit rules
defined, a local, unprivileged user could use this flaw to leak kernel
memory to user space or, potentially, crash the system. (CVE-2014-3917,
Moderate)
- An integer underflow flaw was found in the way the Linux kernel's Stream
Control Transmission Protocol (SCTP) implementation processed certain
COOKIE_ECHO packets. By sending a specially crafted SCTP packet, a remote
attacker could use this flaw to prevent legitimate connections to a
particular SCTP server socket from being made. (CVE-2014-4667, Moderate)
Bugs fixed (https://bugzilla.redhat.com/):
1094455 - CVE-2014-0205 kernel: futex: refcount issue in case of requeue
1102571 - CVE-2014-3917 kernel: DoS with syscall auditing
1113967 - CVE-2014-4667 kernel: sctp: sk_ack_backlog wrap-around problem
1114540 - CVE-2014-3535 Kernel: netdevice.h: NULL pointer dereference over VxLAN