OpenVZ Virtuozzo Containers Wiki β

Download/kernel/rhel6/042stab131.1/changes

4,566 bytes added, 14:00, 25 June 2018
== Changes ==
Since {{kernel link|rhel6|042stab130.1}}:

* Rebase to RHEL6u10 kernel 2.6.32-754.el6
* '''[Important]''' The do_get_mempolicy() function in 'mm/mempolicy.c' in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2018-10675)
* '''[Moderate]''' It was found that the AIO interface didn't use the proper rw_verify_area() helper function with extended functionality, for example, mandatory locking on the file. rw_verify_area() also performs extended checks, for example, that the size of the access doesn't cause overflow of the provided offset limits. This integer overflow in fs/aio.c in the Linux kernel before 3.4.1 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. (CVE-2012-6701)
* '''[Moderate]''' Integer overflow in the aio_setup_single_vector function in fs/aio.c in the Linux kernel 4.0 allows local users to cause a denial of service or possibly have unspecified other impact via a large AIO iovec. NOTE: this vulnerability exists because of a CVE-2012-6701 regression. (CVE-2015-8830)
* '''[Moderate]''' A flaw was found in the Linux kernel key management subsystem in which a local attacker could crash the kernel or corrupt the stack and additional memory (denial of service) by supplying a specially crafted RSA key. This flaw panics the machine during the verification of the RSA key. (CVE-2016-8650)
* '''[Moderate]''' A race condition leading to a NULL pointer dereference was found in the Linux kernel's Link Layer Control implementation. A local attacker with access to ping sockets could use this flaw to crash the system. (CVE-2017-2671)
* '''[Moderate]''' It was found that the original fix for CVE-2016-6786 was incomplete. There exists a race between two concurrent sys_perf_event_open() calls when both try to move the same pre-existing software group into a hardware context. (CVE-2017-6001)
* '''[Moderate]''' Incorrect error handling in the set_mempolicy() and mbind() compat syscalls in 'mm/mempolicy.c' in the Linux kernel allows local users to obtain sensitive information from uninitialized stack data by triggering failure of a certain bitmap operation. (CVE-2017-7616)
* '''[Moderate]''' The mm subsystem in the Linux kernel through 4.10.10 does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism, which allows local users to read or write to kernel memory locations in the first megabyte (and bypass slab-allocation access restrictions) via an application that opens the /dev/mem file, related to arch/x86/mm/init.c and drivers/char/mem.c. (CVE-2017-7889)
* '''[Moderate]''' It was found that in the Linux kernel through v4.14-rc5, bio_map_user_iov() and bio_unmap_user() in 'block/bio.c' do unbalanced page refcounting if the IO vector has small consecutive buffers belonging to the same page. bio_add_pc_page() merges them into one, but the page reference is never dropped, causing a memory leak and a possible system lockup due to an out-of-memory condition. (CVE-2017-12190)
* '''[Moderate]''' The Linux kernel, before version 4.14.3, is vulnerable to a denial of service in drivers/md/dm.c:dm_get_from_kobject() which can be caused by local users leveraging a race condition with __dm_destroy() during creation and removal of DM devices. Only privileged local users (with CAP_SYS_ADMIN capability) can directly perform the ioctl operations for dm device creation and removal and this would typically be outside the direct control of the unprivileged attacker. (CVE-2017-18203)
* '''[Moderate]''' An error in the _sctp_make_chunk() function (net/sctp/sm_make_chunk.c) when handling the SCTP packet length can be exploited by a malicious local user to cause a kernel crash and a DoS. (CVE-2018-5803)
* '''[Low]''' Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c in the Linux kernel allows local users to cause a denial of service (kernel memory exhaustion) via multiple read accesses to files in the /sys/class/sas_phy directory. (CVE-2018-7757)
* Reloading the nf_conntrack module could result in a node crash. (PSBM-85938)
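The two AIO entries above (CVE-2012-6701 and CVE-2015-8830) both come down to summing iovec lengths without guarding against overflow. The C snippet below is an added illustration, not kernel code from this changelog, of the kind of bounded summation and offset-range check that rw_verify_area() provides; the RW_COUNT_MAX value and the sample iovecs are constructed for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <sys/uio.h>

/* Per-request byte cap, analogous to the kernel's MAX_RW_COUNT
 * (INT_MAX rounded down to a page boundary). Illustrative value. */
#define RW_COUNT_MAX ((size_t)INT_MAX & ~(size_t)4095)

/* Sum iovec lengths, refusing a total that would wrap around or exceed
 * the per-request cap. Returns 0 and stores the total in *out, or -1. */
int iov_total_len(const struct iovec *iov, size_t n, size_t *out)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        /* Check before adding: total + iov_len must stay <= RW_COUNT_MAX. */
        if (iov[i].iov_len > RW_COUNT_MAX - total)
            return -1;
        total += iov[i].iov_len;
    }
    *out = total;
    return 0;
}

/* Validate the file range [pos, pos + count): pos must be non-negative,
 * count within the cap, and the end offset must not pass the signed
 * 64-bit offset limit. This is the kind of check rw_verify_area() adds. */
int verify_area_range(long long pos, size_t count)
{
    if (pos < 0 || count > RW_COUNT_MAX)
        return -1;
    if ((unsigned long long)pos > (unsigned long long)LLONG_MAX - count)
        return -1;
    return 0;
}

/* Constructed samples (not from the page) so the checks can be exercised. */
long long sample_total(int huge)
{
    struct iovec ok[2]  = { { NULL, 100 }, { NULL, 200 } };
    /* Two halves that individually fit the cap but together exceed it. */
    struct iovec bad[2] = { { NULL, RW_COUNT_MAX / 2 + 1 },
                            { NULL, RW_COUNT_MAX / 2 + 1 } };
    size_t total;
    if (iov_total_len(huge ? bad : ok, 2, &total) != 0)
        return -1;                       /* rejected */
    return (long long)total;             /* 300 for the good sample */
}
```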

=== See also ===
* {{RHSA|2018-1854}}
* {{CVE|2012-6701}}
* {{CVE|2015-8830}}
* {{CVE|2016-8650}}
* {{CVE|2017-2671}}
* {{CVE|2017-6001}}
* {{CVE|2017-7616}}
* {{CVE|2017-7889}}
* {{CVE|2017-12190}}
* {{CVE|2017-18203}}
* {{CVE|2018-5803}}
* {{CVE|2018-7757}}
* {{CVE|2018-10675}}