[LU-6698] Kernel update [RHEL6.6 2.6.32-504.23.4.el6] Created: 09/Jun/15  Updated: 12/Aug/15  Resolved: 19/Jun/15

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: Lustre 2.8.0

Type: Bug Priority: Minor
Reporter: Bob Glossman (Inactive) Assignee: Bob Glossman (Inactive)
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Related
Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   
  • It was found that the Linux kernel's Infiniband subsystem did not
    properly sanitize input parameters while registering memory regions from
    user space via the (u)verbs API. A local user with access to a
    /dev/infiniband/uverbsX device could use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-8159,
    Important)
  • It was found that the Linux kernel's implementation of vectored pipe read
    and write functionality did not take into account the I/O vectors that were
    already processed when retrying after a failed atomic access operation,
    potentially resulting in memory corruption due to an I/O vector array
    overrun. A local, unprivileged user could use this flaw to crash the system
    or, potentially, escalate their privileges on the system. (CVE-2015-1805,
    Important)
  • A buffer overflow flaw was found in the way the Linux kernel's Intel
    AES-NI instructions optimized version of the RFC4106 GCM mode decryption
    functionality handled fragmented packets. A remote attacker could use this
    flaw to crash, or potentially escalate their privileges on, a system over a
    connection with an active AES-GCM mode IPSec security association.
    (CVE-2015-3331, Important)
  • An information leak flaw was found in the way the Linux kernel changed
    certain segment registers and thread-local storage (TLS) during a context
    switch. A local, unprivileged user could use this flaw to leak the user
    space TLS base address of an arbitrary process. (CVE-2014-9419, Low)
  • It was found that the Linux kernel's ISO file system implementation did
    not correctly limit the traversal of Rock Ridge extension Continuation
    Entries (CE). An attacker with physical access to the system could use this
    flaw to trigger an infinite loop in the kernel, resulting in a denial of
    service. (CVE-2014-9420, Low)
  • An information leak flaw was found in the way the Linux kernel's Virtual
    Dynamic Shared Object (vDSO) implementation performed address
    randomization. A local, unprivileged user could use this flaw to leak
    kernel memory addresses to user-space. (CVE-2014-9585, Low)

Bugs fixed (https://bugzilla.redhat.com/):

1175235 - CVE-2014-9420 Kernel: fs: isofs: infinite loop in CE record entries
1177260 - CVE-2014-9419 kernel: partial ASLR bypass through TLS base addresses leak
1181054 - CVE-2014-9585 kernel: ASLR bruteforce possible for vdso library
1181166 - CVE-2014-8159 kernel: infiniband: uverbs: unprotected physical memory access
1202855 - CVE-2015-1805 kernel: pipe: iovec overrun leading to memory corruption
1213322 - CVE-2015-3331 Kernel: crypto: buffer overruns in RFC4106 implementation using AESNI

 Comments   
Comment by Gerrit Updater [ 10/Jun/15 ]

Bob Glossman (bob.glossman@intel.com) uploaded a new patch: http://review.whamcloud.com/15198
Subject: LU-6698 kernel: kernel update RHEL 6.6 [2.6.32-504.23.4.el6]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: ee30931ab0eb04fc3a59c83a817f445b776c8169

Comment by Gerrit Updater [ 19/Jun/15 ]

Oleg Drokin (oleg.drokin@intel.com) merged in patch http://review.whamcloud.com/15198/
Subject: LU-6698 kernel: kernel update RHEL 6.6 [2.6.32-504.23.4.el6]
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 473bc6473eb8d6d78069a561dbe035e795d8b7e2

Comment by Peter Jones [ 19/Jun/15 ]

Landed for 2.8

Generated at Sat Feb 10 02:02:28 UTC 2024 using Jira 9.4.14#940014-sha1:734e6822bbf0d45eff9af51f82432957f73aa32c.