Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:31407
HistoryNov 30, 2014 - 12:00 a.m.

[ MDVSA-2014:230 ] kernel

2014-11-3000:00:00
vulners.com
30
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mandriva Linux Security Advisory MDVSA-2014:230
http://www.mandriva.com/en/support/security/

Package : kernel
Date : November 27, 2014
Affected: Business Server 1.0

Problem Description:

Multiple vulnerabilities has been found and corrected in the Linux
kernel:

The WRMSR processing functionality in the KVM subsystem in the
Linux kernel through 3.17.2 does not properly handle the writing of a
non-canonical address to a model-specific register, which allows guest
OS users to cause a denial of service (host OS crash) by leveraging
guest OS privileges, related to the wrmsr_interception function in
arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c
(CVE-2014-3610).

Race condition in the __kvm_migrate_pit_timer function in
arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through
3.17.2 allows guest OS users to cause a denial of service (host OS
crash) by leveraging incorrect PIT emulation (CVE-2014-3611).

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before
3.12 does not have an exit handler for the INVEPT instruction, which
allows guest OS users to cause a denial of service (guest OS crash)
via a crafted application (CVE-2014-3645).

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through
3.17.2 does not have an exit handler for the INVVPID instruction,
which allows guest OS users to cause a denial of service (guest OS
crash) via a crafted application (CVE-2014-3646).

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel
through 3.17.2 does not properly perform RIP changes, which allows
guest OS users to cause a denial of service (guest OS crash) via a
crafted application (CVE-2014-3647).

The SCTP implementation in the Linux kernel through 3.17.2 allows
remote attackers to cause a denial of service (system crash) via
a malformed ASCONF chunk, related to net/sctp/sm_make_chunk.c and
net/sctp/sm_statefuns.c (CVE-2014-3673).

The sctp_assoc_lookup_asconf_ack function in net/sctp/associola.c
in the SCTP implementation in the Linux kernel through 3.17.2 allows
remote attackers to cause a denial of service (panic) via duplicate
ASCONF chunks that trigger an incorrect uncork within the side-effect
interpreter (CVE-2014-3687).

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before
3.17.2 on Intel processors does not ensure that the value in the CR4
control register remains the same after a VM entry, which allows host
OS users to kill arbitrary processes or cause a denial of service
(system disruption) by leveraging /dev/kvm access, as demonstrated by
PR_SET_TSC prctl calls within a modified copy of QEMU (CVE-2014-3690).

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2
does not properly handle private syscall numbers during use of the
perf subsystem, which allows local users to cause a denial of service
(out-of-bounds read and OOPS) or bypass the ASLR protection mechanism
via a crafted application (CVE-2014-7825).

kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2
does not properly handle private syscall numbers during use of the
ftrace subsystem, which allows local users to gain privileges or
cause a denial of service (invalid pointer dereference) via a crafted
application (CVE-2014-7826).

The pivot_root implementation in fs/namespace.c in the Linux kernel
through 3.17 does not properly interact with certain locations of
a chroot directory, which allows local users to cause a denial of
service (mount-tree loop) via . (dot) values in both arguments to
the pivot_root system call (CVE-2014-7970).

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux
kernel through 3.17.2 miscalculates the number of pages during
the handling of a mapping failure, which allows guest OS users to
cause a denial of service (host OS page unpinning) or possibly have
unspecified other impact by leveraging guest OS privileges. NOTE: this
vulnerability exists because of an incorrect fix for CVE-2014-3601
(CVE-2014-8369).

The updated packages provides a solution for these security issues.

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3611
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3645
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7970
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369

Updated Packages:

Mandriva Business Server 1/X86_64:
844335653b0d9e326bd0a216f3ea302d mbs1/x86_64/cpupower-3.4.104-2.1.mbs1.x86_64.rpm
0944cdafdcb39a677b01248786a2a57b mbs1/x86_64/kernel-firmware-3.4.104-2.1.mbs1.noarch.rpm
ba7ff021bc473448d12f34507ed3c421 mbs1/x86_64/kernel-headers-3.4.104-2.1.mbs1.x86_64.rpm
c5da0b82ad77b075f6ce0390cafe4529 mbs1/x86_64/kernel-server-3.4.104-2.1.mbs1.x86_64.rpm
818764027cea7651b6eed4bdaefcb689 mbs1/x86_64/kernel-server-devel-3.4.104-2.1.mbs1.x86_64.rpm
fb73af4d10dbfb744772697aeded569d mbs1/x86_64/kernel-source-3.4.104-2.mbs1.noarch.rpm
cb9483eb41b264e9c0844098912dc303 mbs1/x86_64/lib64cpupower0-3.4.104-2.1.mbs1.x86_64.rpm
bca76ebdff84f3fcb662ed40f337dab2 mbs1/x86_64/lib64cpupower-devel-3.4.104-2.1.mbs1.x86_64.rpm
dd64b01e869b7cfb3c565310d4bcd445 mbs1/x86_64/perf-3.4.104-2.1.mbs1.x86_64.rpm
06db298a74aae5b928698a4ab1c5caf9 mbs1/SRPMS/cpupower-3.4.104-2.1.mbs1.src.rpm
096237c036ac96f145cce3045968ee53 mbs1/SRPMS/kernel-firmware-3.4.104-2.1.mbs1.src.rpm
b28b50590a939c293d1f5b47a210a4d3 mbs1/SRPMS/kernel-headers-3.4.104-2.1.mbs1.src.rpm
d6b2dd0334645247996a487d5b946fdc mbs1/SRPMS/kernel-server-3.4.104-2.1.mbs1.src.rpm
7457a1bb39e640bebe34b68857e04b54 mbs1/SRPMS/kernel-source-3.4.104-2.mbs1.src.rpm
45b43544167a6e121148276e9ddb6a49 mbs1/SRPMS/perf-3.4.104-2.1.mbs1.src.rpm

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/en/support/security/advisories/

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iD8DBQFUdtH/mqjQ0CJFipgRAmCdAJ9EMBSGdIrGawNjl72V8cYCHhZhMgCg5g4t
uKrF0GIY2y6H1sJCQMF3rZU=
=MIBL
-----END PGP SIGNATURE-----

Related

nessus 60
archlinux 2
securityvulns 3
debian 2
openvas 32
osv 1
fedora 2
mageia 11
ubuntu 15
prion 6
oraclelinux 12
f5 12
cve 6
ubuntucve 6
debiancve 6
centos 5
redhat 11
suse 4
veracode 3
nessus
nessus
Mandriva Linux Security Advisory : kernel (MDVSA-2014:230)
2014-11-28 00:00:00
Fedora 19 : kernel-3.14.23-100.fc19 (2014-14068)
2014-11-17 00:00:00
Debian DSA-3060-1 : linux - security update
2014-11-03 00:00:00
archlinux
archlinux
linux-lts: local denial of service, privilege escalation
2014-11-17 00:00:00
linux: local denial of service, privilege escalation
2014-11-17 00:00:00
securityvulns
securityvulns
Linux kernel multiple security vulnerabilities
2014-11-30 00:00:00
[SECURITY] [DSA 3060-1] linux security update
2014-11-03 00:00:00
[USN-2394-1] Linux kernel &#40;Trusty HWE&#41; vulnerabilities
2014-11-03 00:00:00
debian
debian
[SECURITY] [DSA 3060-1] linux security update
2014-10-31 15:41:41
[SECURITY] [DSA 3060-1] linux security update
2014-10-31 15:41:41
openvas
openvas
Debian Security Advisory DSA 3060-1 (linux - security update)
2014-10-31 00:00:00
Debian Security Advisory DSA 3060-1 (linux - security update)
2014-10-31 00:00:00
Ubuntu Update for linux USN-2396-1
2014-11-11 00:00:00
osv
osv
linux - security update
2014-10-31 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: kernel-3.17.2-300.fc21
2014-11-03 05:23:10
[SECURITY] Fedora 21 Update: kernel-3.17.3-300.fc21
2014-11-18 12:17:53
mageia
mageia
Updated kernel packages fix security vulnerabilities
2014-11-21 15:44:16
Updated kernel packages fix security vulnerabilities
2014-11-21 15:44:16
Updated kernel packages fix security vulnerabilities
2014-11-15 21:31:46
ubuntu
ubuntu
Linux kernel (OMAP4) vulnerabilities
2014-11-25 00:00:00
Linux kernel vulnerabilities
2014-10-31 00:00:00
Linux kernel vulnerabilities
2014-11-25 00:00:00
prion
prion
Design/Logic Flaw
2014-11-10 11:55:00
Code injection
2014-10-13 10:55:00
Null pointer dereference
2014-11-10 11:55:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2015-03-13 00:00:00
Unbreakable Enterprise kernel security update
2015-03-13 00:00:00
Unbreakable Enterprise kernel security update
2014-11-13 00:00:00
f5
f5
K15910 : Linux kernel SCTP vulnerabilities CVE-2014-3673 and CVE-2014-3687
2015-09-16 00:00:00
K15912 : Linux kernel driver vulnerabilities CVE-2014-3185, CVE-2014-3611, CVE-2014-3645, and CVE-2014-3646
2015-01-31 00:00:00
SOL15910 - Linux kernel SCTP vulnerabilities CVE-2014-3673 and CVE-2014-3687
2014-12-15 00:00:00
cve
cve
CVE-2014-8369
2014-11-10 11:55:00
CVE-2014-7825
2014-11-10 11:55:00
CVE-2014-7970
2014-10-13 10:55:00
ubuntucve
ubuntucve
CVE-2014-8369
2014-11-10 00:00:00
CVE-2014-7970
2014-10-13 00:00:00
CVE-2014-7826
2014-11-10 00:00:00
debiancve
debiancve
CVE-2014-8369
2014-11-10 11:55:00
CVE-2014-7825
2014-11-10 11:55:00
CVE-2014-3687
2014-11-10 11:55:00
centos
centos
kernel, perf, python security update
2014-11-11 19:31:00
kmod, kvm security update
2015-04-22 14:47:16
kernel, perf, python security update
2014-10-29 02:12:28
redhat
redhat
(RHSA-2014:1843) Important: kernel security and bug fix update
2014-11-11 00:00:00
(RHSA-2015:0869) Important: kvm security update
2015-04-22 00:00:00
(RHSA-2014:1724) Important: kernel security and bug fix update
2014-10-28 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2015-01-16 14:05:04
Security update for Linux Kernel (important)
2014-12-21 13:12:48
Security update for Linux kernel (important)
2014-12-24 08:08:49
veracode
veracode
Denial Of Service (DoS)
2019-01-15 09:19:07
Denial Of Service (DoS)
2019-05-02 05:05:48
Privilege Escalation
2019-05-02 05:05:48
JSON
Related for SECURITYVULNS:DOC:31407
nessus60archlinux2securityvulns3debian2openvas32osv1fedora2mageia11ubuntu15prion6oraclelinux12f512cve6ubuntucve6debiancve6centos5redhat11suse4veracode3