Medium: kernel

Issue Overview:

The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory consumption) via a flood of ICMPv6 Router Advertisement packets.

drivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable buffers are disabled, does not properly validate packet lengths, which allows guest OS users to cause a denial of service (memory corruption and host OS crash) or possibly gain privileges on the host OS via crafted packets, related to the handle_rx and get_rx_bufs functions.

net/netfilter/nf_conntrack_proto_dccp.c in the Linux kernel through 3.13.6 uses a DCCP header pointer incorrectly, which allows remote attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a DCCP packet that triggers a call to the (1) dccp_new, (2) dccp_packet, or (3) dccp_error function.

The get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem in the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise Linux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which allows guest OS users to cause a denial of service (host OS crash) via unspecified vectors.

Affected Packages:

kernel

Issue Correction:
Run yum update kernel to update your system. You will need to reboot your system in order for the new kernel to be running.

New Packages:

i686:  
    kernel-3.10.37-47.135.amzn1.i686  
    perf-debuginfo-3.10.37-47.135.amzn1.i686  
    kernel-debuginfo-3.10.37-47.135.amzn1.i686  
    perf-3.10.37-47.135.amzn1.i686  
    kernel-debuginfo-common-i686-3.10.37-47.135.amzn1.i686  
    kernel-devel-3.10.37-47.135.amzn1.i686  
    kernel-headers-3.10.37-47.135.amzn1.i686  
  
noarch:  
    kernel-doc-3.10.37-47.135.amzn1.noarch  
  
src:  
    kernel-3.10.37-47.135.amzn1.src  
  
x86_64:  
    perf-debuginfo-3.10.37-47.135.amzn1.x86_64  
    kernel-debuginfo-common-x86_64-3.10.37-47.135.amzn1.x86_64  
    kernel-debuginfo-3.10.37-47.135.amzn1.x86_64  
    kernel-3.10.37-47.135.amzn1.x86_64  
    kernel-headers-3.10.37-47.135.amzn1.x86_64  
    perf-3.10.37-47.135.amzn1.x86_64  
    kernel-devel-3.10.37-47.135.amzn1.x86_64  

Additional References

Red Hat: CVE-2014-0055, CVE-2014-0077, CVE-2014-2309, CVE-2014-2523

Mitre: CVE-2014-0055, CVE-2014-0077, CVE-2014-2309, CVE-2014-2523