[LU-5238] Kernel update [RHEL6.5 2.6.32-431.20.3.el6]

Created: 20/Jun/14
Updated: 13/Aug/14
Resolved: 16/Jul/14

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: Lustre 2.6.0
Fix Version/s: Lustre 2.6.0

Type: Bug
Priority: Major
Reporter: Bob Glossman (Inactive)
Assignee: Bob Glossman (Inactive)
Resolution: Fixed
Votes: 0
Labels: None

Issue Links:
Blocker
Severity: 3
Rank (Obsolete): 14604

Description
  • A flaw was found in the way the Linux kernel's futex subsystem handled
    the requeuing of certain Priority Inheritance (PI) futexes. A local,
    unprivileged user could use this flaw to escalate their privileges on the
    system. (CVE-2014-3153, Important)
  • A flaw was found in the way the Linux kernel's floppy driver handled user
    space provided data in certain error code paths while processing FDRAWCMD
    IOCTL commands. A local user with write access to /dev/fdX could use this
    flaw to free (using the kfree() function) arbitrary kernel memory.
    (CVE-2014-1737, Important)
  • It was found that the Linux kernel's floppy driver leaked internal kernel
    memory addresses to user space during the processing of the FDRAWCMD IOCTL
    command. A local user with write access to /dev/fdX could use this flaw to
    obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)

Note: A local user with write access to /dev/fdX could use these two flaws
(CVE-2014-1737 in combination with CVE-2014-1738) to escalate their
privileges on the system.

  • It was discovered that the proc_ns_follow_link() function did not
    properly return the LAST_BIND value in the last pathname component as is
    expected for procfs symbolic links, which could lead to excessive freeing
    of memory and consequent slab corruption. A local, unprivileged user could
    use this flaw to crash the system. (CVE-2014-0203, Moderate)
  • A flaw was found in the way the Linux kernel handled exceptions when
    user-space applications attempted to use the linkage stack. On IBM S/390
    systems, a local, unprivileged user could use this flaw to crash the
    system. (CVE-2014-2039, Moderate)
  • An invalid pointer dereference flaw was found in the Marvell 8xxx
    Libertas WLAN (libertas) driver in the Linux kernel. A local user able to
    write to a file that is provided by the libertas driver and located on the
    debug file system (debugfs) could use this flaw to crash the system. Note:
    The debugfs file system must be mounted locally to exploit this issue.
    It is not mounted by default. (CVE-2013-6378, Low)
  • A denial of service flaw was discovered in the way the Linux kernel's
    SELinux implementation handled files with an empty SELinux security
    context. A local user who has the CAP_MAC_ADMIN capability could use this
    flaw to crash the system. (CVE-2014-1874, Low)


Comments
Comment by Bob Glossman (Inactive) [ 27/Jun/14 ]

in master
http://review.whamcloud.com/10875
in b2_5
http://review.whamcloud.com/10876

Comment by Jodi Levi (Inactive) [ 16/Jul/14 ]

Patch landed to Master. Backport to b2_5 is being tracked to land outside of this ticket.
