Lucene search

K
centosCentOS ProjectCESA-2015:0164
HistoryFeb 11, 2015 - 5:47 a.m.

kernel security update

2015-02-1105:47:40
CentOS Project
lists.centos.org
79

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

0.4%

CentOS Errata and Security Advisory CESA-2015:0164

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

  • A flaw was found in the way the Linux kernel’s splice() system call
    validated its parameters. On certain file systems, a local, unprivileged
    user could use this flaw to write past the maximum file size, and thus
    crash the system. (CVE-2014-7822, Moderate)

Red Hat would like to thank Akira Fujita of NEC for reporting this issue.

This update also fixes the following bugs:

  • Previously, hot-unplugging of a virtio-blk device could in some cases
    lead to a kernel panic, for example during in-flight I/O requests.
    This update fixes race condition in the hot-unplug code in the
    virtio_blk.ko module. As a result, hot unplugging of the virtio-blk device
    no longer causes the guest kernel oops when there are in-flight I/O
    requests. (BZ#1006536)

  • Before this update, due to a bug in the error-handling path, a corrupted
    metadata block could be used as a valid block. With this update, the error
    handling path has been fixed and more checks have been added to verify the
    metadata block. Now, when a corrupted metadata block is encountered, it is
    properly marked as corrupted and handled accordingly. (BZ#1034403)

  • Previously, an incorrectly initialized variable resulted in a random
    value being stored in the variable that holds the number of default ACLs,
    and is sent in the SET_PATH_INFO data structure. Consequently, the setfacl
    command could, under certain circumstances, fail with an “Invalid argument”
    error. With this update, the variable is correctly initialized to zero,
    thus fixing the bug. (BZ#1105625)

All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2015-February/083094.html

Affected packages:
kernel
kernel-PAE
kernel-PAE-devel
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-headers
kernel-xen
kernel-xen-devel

Upstream details at:
https://access.redhat.com/errata/RHSA-2015:0164

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS

0

Percentile

0.4%