https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-5238 Lustre <ul> <li>A flaw was found in the way the Linux kernel's futex subsystem handled<br/> the requeuing of certain Priority Inheritance (PI) futexes. A local,<br/> unprivileged user could use this flaw to escalate their privileges on the<br/> system. (CVE-2014-3153, Important)</li> </ul> <ul> <li>A flaw was found in the way the Linux kernel's floppy driver handled user<br/> space provided data in certain error code paths while processing FDRAWCMD<br/> IOCTL commands. A local user with write access to /dev/fdX could use this<br/> flaw to free (using the kfree() function) arbitrary kernel memory.<br/> (CVE-2014-1737, Important)</li> </ul> <ul> <li>It was found that the Linux kernel's floppy driver leaked internal kernel<br/> memory addresses to user space during the processing of the FDRAWCMD IOCTL<br/> command. A local user with write access to /dev/fdX could use this flaw to<br/> obtain information about the kernel heap arrangement. (CVE-2014-1738, Low)</li> </ul> <p>Note: A local user with write access to /dev/fdX could use these two flaws<br/> (CVE-2014-1737 in combination with CVE-2014-1738) to escalate their<br/> privileges on the system.</p> <ul> <li>It was discovered that the proc_ns_follow_link() function did not<br/> properly return the LAST_BIND value in the last pathname component as is<br/> expected for procfs symbolic links, which could lead to excessive freeing<br/> of memory and consequent slab corruption. A local, unprivileged user could<br/> use this flaw to crash the system. (CVE-2014-0203, Moderate)</li> </ul> <ul> <li>A flaw was found in the way the Linux kernel handled exceptions when<br/> user-space applications attempted to use the linkage stack. On IBM S/390<br/> systems, a local, unprivileged user could use this flaw to crash the<br/> system. (CVE-2014-2039, Moderate)</li> </ul> <ul> <li>An invalid pointer dereference flaw was found in the Marvell 8xxx<br/> Libertas WLAN (libertas) driver in the Linux kernel. A local user able to<br/> write to a file that is provided by the libertas driver and located on the<br/> debug file system (debugfs) could use this flaw to crash the system. Note:<br/> The debugfs file system must be mounted locally to exploit this issue.<br/> It is not mounted by default. (CVE-2013-6378, Low)</li> </ul> <ul> <li>A denial of service flaw was discovered in the way the Linux kernel's<br/> SELinux implementation handled files with an empty SELinux security<br/> context. A local user who has the CAP_MAC_ADMIN capability could use this<br/> flaw to crash the system. (CVE-2014-1874, Low)</li> </ul> LU-5238

Kernel update [RHEL6.5 2.6.32-431.20.3.el6]

Bug Major Resolved Fixed Bob Glossman Bob Glossman Fri, 20 Jun 2014 15:51:08 +0000 Wed, 13 Aug 2014 22:21:57 +0000 Wed, 16 Jul 2014 15:15:03 +0000 Lustre 2.6.0 Lustre 2.6.0 0 2 <p>in master<br/> <a href="http://review.whamcloud.com/10875" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/10875</a><br/> in b2_5<br/> <a href="http://review.whamcloud.com/10876" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/10876</a></p> <p>Patch landed to Master. Backport to b2_5 is being tracked to land outside of this ticket.</p> Blocker Development Rank 1|hzwplj: Rank (Obsolete) 14604 Severity