5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
60.6%
This kernel update is based on upstream -longterm 3.14.23 and fixes the following security issues: The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) cause a denial of service (host OS memory corruption) or possibly have unspecified other impact by triggering a large gfn value or (2) cause a denial of service (host OS memory consumption) by triggering a small gfn value that leads to permanently pinned pages (CVE-2014-3601). The assoc_array_gc function in the associative-array implementation in lib/assoc_array.c in the Linux kernel before 3.16.3 does not properly implement garbage collection, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via multiple “keyctl newring” operations followed by a “keyctl timeout” operation (CVE-2014-3631). The pivot_root implementation in fs/namespace.c in the Linux kernel through 3.17 does not properly interact with certain locations of a chroot directory, which allows local users to cause a denial of service (mount-tree loop) via . (dot) values in both arguments to the pivot_root system call (CVE-2014-7970). The do_umount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAP_SYS_ADMIN capability for do_remount_sb calls that change the root filesystem to read-only, which allows local users to cause a denial of service (loss of writability) by making certain unshare system calls, clearing the / MNT_LOCKED flag, and making an MNT_FORCE umount system call (CVE-2014-7975). Other fixes: The X86_SYSFB config option has been disabled as it prevents proper KMS setup on some systems (mga#13098) The cpupower default governor has been switched from ondemand to performance as the intel_pstate driver (used on newer Intel cpus) does not support ondemand target. For other fixes included in this update, read the referenced changelogs.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 4 | noarch | kernel | < 3.14.23-1 | kernel-3.14.23-1.mga4 |
Mageia | 4 | noarch | kernel-userspace-headers | < 3.14.23-1 | kernel-userspace-headers-3.14.23-1.mga4 |
Mageia | 4 | noarch | kmod-xtables-addons | < 2.5-6 | kmod-xtables-addons-2.5-6.mga4 |
Mageia | 4 | noarch | rpm-mageia-setup | < 1.197-1.1 | rpm-mageia-setup-1.197-1.1.mga4 |
Mageia | 4 | noarch | kmod-broadcom-wl | < 6.30.223.141-41 | kmod-broadcom-wl-6.30.223.141-41.mga4.nonfree |
Mageia | 4 | noarch | kmod-fglrx | < 14.010.1006-11 | kmod-fglrx-14.010.1006-11.mga4.nonfree |
Mageia | 4 | noarch | kmod-nvidia173 | < 173.14.39-26 | kmod-nvidia173-173.14.39-26.mga4.nonfree |
Mageia | 4 | noarch | kmod-nvidia-current | < 331.79-11 | kmod-nvidia-current-331.79-11.mga4.nonfree |
bugs.mageia.org/show_bug.cgi?id=13098
bugs.mageia.org/show_bug.cgi?id=14301
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.19
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.20
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.21
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.22
www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.23
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.002 Low
EPSS
Percentile
60.6%