Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-5740

Kernel upgrade [RHEL6.6 2.6.32-504.el6]

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Fixed
    • None
    • Lustre 2.7.0
    • None
    • 3
    • 16113

    Description

      • A NULL pointer dereference flaw was found in the way the Linux kernel's
        Stream Control Transmission Protocol (SCTP) implementation handled
        simultaneous connections between the same hosts. A remote attacker could
        use this flaw to crash the system. (CVE-2014-5077, Important)
      • An integer overflow flaw was found in the way the Linux kernel's Frame
        Buffer device implementation mapped kernel memory to user space via the
        mmap syscall. A local user able to access a frame buffer device file
        (/dev/fb*) could possibly use this flaw to escalate their privileges on the
        system. (CVE-2013-2596, Important)
      • A flaw was found in the way the ipc_rcu_putref() function in the Linux
        kernel's IPC implementation handled reference counter decrementing.
        A local, unprivileged user could use this flaw to trigger an Out of Memory
        (OOM) condition and, potentially, crash the system. (CVE-2013-4483,
        Moderate)
      • It was found that the permission checks performed by the Linux kernel
        when a netlink message was received were not sufficient. A local,
        unprivileged user could potentially bypass these restrictions by passing a
        netlink socket as stdout or stderr to a more privileged process and
        altering the output of this process. (CVE-2014-0181, Moderate)
      • It was found that the try_to_unmap_cluster() function in the Linux
        kernel's Memory Managment subsystem did not properly handle page locking in
        certain cases, which could potentially trigger the BUG_ON() macro in the
        mlock_vma_page() function. A local, unprivileged user could use this flaw
        to crash the system. (CVE-2014-3122, Moderate)
      • A flaw was found in the way the Linux kernel's kvm_iommu_map_pages()
        function handled IOMMU mapping failures. A privileged user in a guest with
        an assigned host device could use this flaw to crash the host.
        (CVE-2014-3601, Moderate)
      • Multiple use-after-free flaws were found in the way the Linux kernel's
        Advanced Linux Sound Architecture (ALSA) implementation handled user
        controls. A local, privileged user could use either of these flaws to crash
        the system. (CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, Moderate)
      • A flaw was found in the way the Linux kernel's VFS subsystem handled
        reference counting when performing unmount operations on symbolic links.
        A local, unprivileged user could use this flaw to exhaust all available
        memory on the system or, potentially, trigger a use-after-free error,
        resulting in a system crash or privilege escalation. (CVE-2014-5045,
        Moderate)
      • An integer overflow flaw was found in the way the lzo1x_decompress_safe()
        function of the Linux kernel's LZO implementation processed Literal Runs.
        A local attacker could, in extremely rare cases, use this flaw to crash the
        system or, potentially, escalate their privileges on the system.
        (CVE-2014-4608, Low)

      Bugs fixed (https://bugzilla.redhat.com/):

      1010882 - kvm: backport "Improve create VCPU parameter"
      1024854 - CVE-2013-4483 kernel: ipc: ipc_rcu_putref refcount races
      1027480 - alb_send_learning_packets using an obsolete EtherType
      1030411 - resizing thin-snapshot with external origin should return zeros behind origin's end
      1031488 - Restore the mask bit correctly in eoi_ioapic_irq()
      1034490 - CVE-2013-2596 kernel: integer overflow in fb_mmap
      1036972 - use after free in new nfsd DRC code
      1044438 - cifs: Unable to append to an existing file in cache=none mode.
      1059496 - KVM: x86 emulator: Implement jmp far opcode ff/5
      1063836 - kvm: 23090: cpu0 unhandled wrmsr 0x391 data 2000000f
      1065304 - kernel/sched: incorrect setup of sched_group->cpu_power for NUMA systems
      1069028 - ixgbevf prematurely strips VLAN tags
      1072373 - Along with the increase of vCPUs in guest, and guest OS will spend more time to boot up in specified machine.
      1077463 - gfs2: quotas not refreshed in gfs2_adjust_quota
      1090423 - Data integrity issue on rebuilding RAID 6 with 100MB resync speed
      1093076 - CVE-2014-3122 Kernel: mm: try_to_unmap_cluster() should lock_page() before mlocking
      1094265 - CVE-2014-0181 kernel: net: insufficient permision checks of netlink messages
      1095627 - missing vhost schedule causing thread starvation
      1100523 - ext4 filesystem option 'max_batch_time' actually displays 'min_batch_time' in /proc/mounts
      1113409 - CVE-2014-4653 Kernel: ALSA: control: do not access controls outside of protected regions
      1113445 - CVE-2014-4654 CVE-2014-4655 Kernel: ALSA: control: use-after-free in replacing user controls
      1113899 - CVE-2014-4608 kernel: lzo1x_decompress_safe() integer overflow
      1118123 - [Hyper-V][REHL 6.6] fcopy large file from host to guest failed
      1122472 - CVE-2014-5045 kernel: vfs: refcount issues during unmount on symlink
      1122982 - CVE-2014-5077 Kernel: net: SCTP: fix a NULL pointer dereference during INIT collisions
      1124351 - raid1 Data corruption after recovery with bitmap
      1127231 - dmeventd hanging while handling lost leg in RAID1 LV
      1131951 - CVE-2014-3601 kernel: kvm: invalid parameter passing in kvm_iommu_map_pages()
      739866 - checkpolicy cannot parse /selinux/policy on ppc64 and s390x
      786463 - nfs mount hangs when kerberos ticket expires
      889471 - [Btrfs] BUG: unable to handle kernel NULL pointer dereference at (null) btrfs_get_sb should return error when open_ctree failed
      915862 - The sync mount option does not work for NFSv4 mounts in RHEL6
      997651 - possible recursive locking detected
      998024 - nfsd sometimes grants delegations too soon following conflicting open requests

      Attachments

        Issue Links

          Activity

            People

              bogl Bob Glossman (Inactive)
              bogl Bob Glossman (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: