(RHSA-2014:1025) Important: kernel security and bug fix update
2014-08-06T04:00:00
ID RHSA-2014:1025 Type redhat Reporter RedHat Modified 2015-04-24T14:17:06
Description
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
A flaw was found in the way the pppol2tp_setsockopt() and
pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP
implementation handled requests with a non-SOL_PPPOL2TP socket option
level. A local, unprivileged user could use this flaw to escalate their
privileges on the system. (CVE-2014-4943, Important)
Red Hat would like to thank Sasha Levin for reporting this issue.
This update also fixes the following bug:
When a device was registered to a bus, a race condition could occur
between the device being added to the list of devices of the bus and
binding the device to a driver. As a result, the device could already be
bound to a driver which led to a warning and incorrect reference counting,
and consequently to a kernel panic on device removal. To avoid the race
condition, this update adds a check to identify an already bound device.
(BZ#1114409)
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.
{"published": "2014-08-06T04:00:00", "id": "RHSA-2014:1025", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "history": [], "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* A flaw was found in the way the pppol2tp_setsockopt() and\npppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP\nimplementation handled requests with a non-SOL_PPPOL2TP socket option\nlevel. A local, unprivileged user could use this flaw to escalate their\nprivileges on the system. (CVE-2014-4943, Important)\n\nRed Hat would like to thank Sasha Levin for reporting this issue.\n\nThis update also fixes the following bug:\n\n* When a device was registered to a bus, a race condition could occur\nbetween the device being added to the list of devices of the bus and\nbinding the device to a driver. As a result, the device could already be\nbound to a driver which led to a warning and incorrect reference counting,\nand consequently to a kernel panic on device removal. To avoid the race\ncondition, this update adds a check to identify an already bound device.\n(BZ#1114409)\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.redhat.RedHatBulletin", "robots.models.base.Bulletin"], "enchantments": {"vulnersScore": 7.2}, "type": "redhat", "enchantments_done": [], "lastseen": "2016-09-04T11:17:49", "title": "(RHSA-2014:1025) Important: kernel security and bug fix update", "href": "https://access.redhat.com/errata/RHSA-2014:1025", "modified": "2015-04-24T14:17:06", "bulletinFamily": "unix", "viewCount": 3, "cvelist": ["CVE-2014-4943"], "affectedPackage": [{"packageVersion": "2.6.32-220.54.1.el6", "packageName": "python-perf-debuginfo", "packageFilename": "python-perf-debuginfo-2.6.32-220.54.1.el6.x86_64.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.32-220.54.1.el6", "packageName": "kernel-devel", "packageFilename": "kernel-devel-2.6.32-220.54.1.el6.x86_64.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.32-220.54.1.el6", "packageName": "kernel-debug-devel", "packageFilename": "kernel-debug-devel-2.6.32-220.54.1.el6.x86_64.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.32-220.54.1.el6", "packageName": "kernel", "packageFilename": "kernel-2.6.32-220.54.1.el6.src.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "src"}, {"packageVersion": "2.6.32-220.54.1.el6", "packageName": "perf", "packageFilename": "perf-2.6.32-220.54.1.el6.x86_64.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.32-220.54.1.el6", "packageName": "kernel-firmware", "packageFilename": "kernel-firmware-2.6.32-220.54.1.el6.noarch.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "noarch"}, {"packageVersion": "2.6.32-220.54.1.el6", "packageName": "kernel-debug-debuginfo", "packageFilename": "kernel-debug-debuginfo-2.6.32-220.54.1.el6.x86_64.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.32-220.54.1.el6", "packageName": "kernel-headers", "packageFilename": "kernel-headers-2.6.32-220.54.1.el6.x86_64.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.32-220.54.1.el6", "packageName": "kernel-debug", "packageFilename": "kernel-debug-2.6.32-220.54.1.el6.x86_64.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.32-220.54.1.el6", "packageName": "kernel-doc", "packageFilename": "kernel-doc-2.6.32-220.54.1.el6.noarch.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "noarch"}, {"packageVersion": "2.6.32-220.54.1.el6", "packageName": "kernel-debuginfo-common-x86_64", "packageFilename": "kernel-debuginfo-common-x86_64-2.6.32-220.54.1.el6.x86_64.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.32-220.54.1.el6", "packageName": "kernel-debuginfo", "packageFilename": "kernel-debuginfo-2.6.32-220.54.1.el6.x86_64.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.32-220.54.1.el6", "packageName": "python-perf", "packageFilename": "python-perf-2.6.32-220.54.1.el6.x86_64.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.32-220.54.1.el6", "packageName": "kernel", "packageFilename": "kernel-2.6.32-220.54.1.el6.x86_64.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "x86_64"}, {"packageVersion": "2.6.32-220.54.1.el6", "packageName": "perf-debuginfo", "packageFilename": "perf-debuginfo-2.6.32-220.54.1.el6.x86_64.rpm", "operator": "lt", "OSVersion": "6", "OS": "RedHat", "arch": "x86_64"}], "references": [], "reporter": "RedHat", "objectVersion": "1.4"}
{"result": {"cve": [{"id": "CVE-2014-4943", "type": "cve", "title": "CVE-2014-4943", "description": "The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux kernel through 3.15.6 allows local users to gain privileges by leveraging data-structure differences between an l2tp socket and an inet socket.", "published": "2014-07-19T15:55:08", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4943", "cvelist": ["CVE-2014-4943"], "lastseen": "2017-08-29T10:48:22"}], "f5": [{"id": "SOL15482", "type": "f5", "title": "SOL15482 - Linux kernel vulnerability CVE-2014-4943", "description": "Recommended Action\n\nNone \n\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents.\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2014-08-05T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/15000/400/sol15482.html", "cvelist": ["CVE-2014-4943"], "lastseen": "2016-09-26T17:22:56"}], "nessus": [{"id": "FEDORA_2014-8519.NASL", "type": "nessus", "title": "Fedora 20 : kernel-3.15.6-200.fc20 (2014-8519)", "description": "Update to latest upstream stable release, Linux v3.15.6. Fixes across the tree.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2014-07-21T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76613", "cvelist": ["CVE-2014-4943"], "lastseen": "2017-10-29T13:40:00"}, {"id": "REDHAT-RHSA-2014-1025.NASL", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2014:1025)", "description": "Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.2 Advanced Update Support.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-4943, Important)\n\nRed Hat would like to thank Sasha Levin for reporting this issue.\n\nThis update also fixes the following bug :\n\n* When a device was registered to a bus, a race condition could occur between the device being added to the list of devices of the bus and binding the device to a driver. As a result, the device could already be bound to a driver which led to a warning and incorrect reference counting, and consequently to a kernel panic on device removal. To avoid the race condition, this update adds a check to identify an already bound device. (BZ#1114409)\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "published": "2014-11-11T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79113", "cvelist": ["CVE-2014-4943"], "lastseen": "2017-10-29T13:36:29"}, {"id": "ORACLELINUX_ELSA-2014-3048.NASL", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3048)", "description": "Description of changes:\n\nkernel-uek [2.6.32-400.36.4.el6uek]\n- l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229529] {CVE-2014-4943} {CVE-2014-4943}\n- ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230692] {CVE-2014-4699}", "published": "2014-07-20T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76603", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-10-29T13:40:14"}, {"id": "SL_20140723_KERNEL_ON_SL6_X.NASL", "type": "nessus", "title": "Scientific Linux Security Update : kernel on SL6.x i386/x86_64", "description": "* It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2014-4699, Important)\n\nNote: The CVE-2014-4699 issue only affected systems using an Intel CPU.\n\n* A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-4943, Important)\n\nThe system must be rebooted for this update to take effect.", "published": "2014-07-25T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76783", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-10-29T13:45:47"}, {"id": "REDHAT-RHSA-2014-0925.NASL", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2014:0925)", "description": "Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 6.4 Extended Update Support.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2014-4699, Important)\n\nNote: The CVE-2014-4699 issue only affected systems using an Intel CPU.\n\n* A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-4943, Important)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699, and Sasha Levin for reporting CVE-2014-4943.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "published": "2014-11-11T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=79111", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-10-29T13:40:48"}, {"id": "REDHAT-RHSA-2014-0924.NASL", "type": "nessus", "title": "RHEL 6 : kernel (RHSA-2014:0924)", "description": "Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2014-4699, Important)\n\nNote: The CVE-2014-4699 issue only affected systems using an Intel CPU.\n\n* A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-4943, Important)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699, and Sasha Levin for reporting CVE-2014-4943.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "published": "2014-07-24T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76750", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-10-29T13:39:05"}, {"id": "CENTOS_RHSA-2014-0924.NASL", "type": "nessus", "title": "CentOS 6 : kernel (CESA-2014:0924)", "description": "Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 6.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2014-4699, Important)\n\nNote: The CVE-2014-4699 issue only affected systems using an Intel CPU.\n\n* A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-4943, Important)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699, and Sasha Levin for reporting CVE-2014-4943.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "published": "2014-07-26T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76838", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-10-29T13:45:03"}, {"id": "ORACLELINUX_ELSA-2014-0923.NASL", "type": "nessus", "title": "Oracle Linux 7 : kernel (ELSA-2014-0923)", "description": "From Red Hat Security Advisory 2014:0923 :\n\nUpdated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2014-4699, Important)\n\nNote: The CVE-2014-4699 issue only affected systems using an Intel CPU.\n\n* A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-4943, Important)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699, and Sasha Levin for reporting CVE-2014-4943.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "published": "2014-07-24T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76746", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-10-29T13:41:43"}, {"id": "ORACLELINUX_ELSA-2014-3047.NASL", "type": "nessus", "title": "Oracle Linux 5 / 6 : Unbreakable Enterprise kernel (ELSA-2014-3047)", "description": "Description of changes:\n\n[2.6.39-400.215.4.el6uek]\n- l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229505] {CVE-2014-4943} {CVE-2014-4943}\n- ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230690] {CVE-2014-4699}", "published": "2014-07-20T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76602", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-10-29T13:38:30"}, {"id": "REDHAT-RHSA-2014-0923.NASL", "type": "nessus", "title": "RHEL 7 : kernel (RHSA-2014:0923)", "description": "Updated kernel packages that fix two security issues are now available for Red Hat Enterprise Linux 7.\n\nThe Red Hat Security Response Team has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe kernel packages contain the Linux kernel, the core of any Linux operating system.\n\n* It was found that the Linux kernel's ptrace subsystem allowed a traced process' instruction pointer to be set to a non-canonical memory address without forcing the non-sysret code path when returning to user space. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system.\n(CVE-2014-4699, Important)\n\nNote: The CVE-2014-4699 issue only affected systems using an Intel CPU.\n\n* A flaw was found in the way the pppol2tp_setsockopt() and pppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP implementation handled requests with a non-SOL_PPPOL2TP socket option level. A local, unprivileged user could use this flaw to escalate their privileges on the system. (CVE-2014-4943, Important)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699, and Sasha Levin for reporting CVE-2014-4943.\n\nAll kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.", "published": "2014-07-30T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=76906", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-10-29T13:35:06"}], "zdt": [{"id": "1337DAY-ID-23356", "type": "zdt", "title": "Linux Kernel PPP-over-L2TP Socket Level Handling - Crash PoC", "description": "Exploit for linux platform in category dos / poc", "published": "2015-03-05T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://0day.today/exploit/description/23356", "cvelist": ["CVE-2014-4943"], "lastseen": "2018-04-10T00:26:57"}], "exploitdb": [{"id": "EDB-ID:34060", "type": "exploitdb", "title": "Linux x86 - Socket Re-use Shellcode 50 bytes", "description": "Linux x86 - Socket Re-use Shellcode (50 bytes). CVE-2014-4943. Shellcode exploit for lin_x86 platform", "published": "2014-07-14T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/34060/", "cvelist": ["CVE-2014-4943"], "lastseen": "2016-02-03T20:25:18"}, {"id": "EDB-ID:36267", "type": "exploitdb", "title": "Linux Kernel PPP-over-L2TP Socket Level Handling - Crash PoC", "description": "Linux Kernel PPP-over-L2TP Socket Level Handling - Crash PoC. CVE-2014-4943. Dos exploit for linux platform", "published": "2015-03-04T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/36267/", "cvelist": ["CVE-2014-4943"], "lastseen": "2016-02-04T03:06:47"}], "canvas": [{"id": "LINUX_PPPOL2TP", "type": "canvas", "title": "Immunity Canvas: LINUX_PPPOL2TP", "description": "**Name**| linux_pppol2tp \n---|--- \n**CVE**| CVE-2014-4943 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| pppol2tp local root \n**Notes**| Repeatability: Single \nNotes: \n \nExploit for Linux >= 3.4.x (amd64) and >= 3.7.x (x86) \n \nTested on \n\\+ Ubuntu 13.04 / 13.10 / 14.04 (x86/amd64) \n\\+ Fedora 17 (amd64 only) \n\\+ Fedora 18/19/20 (x86/amd64) \n \nNote: Debian is _not_ supported. \n \n[+] Exhaustive list of supported kernels (AMD64): \n-> [0] 3.14.5-200.fc20.x86_64 - Fedora 20.00 \n-> [1] 3.13.5-200.fc20.x86_64 - Fedora 20.00 \n-> [2] 3.12.10-300.fc20.x86_64 - Fedora 20.00 \n-> [3] 3.11.10-301.fc20.x86_64 - Fedora 20.00 \n-> [4] 3.14.5-100.fc19.x86_64 - Fedora 19.00 \n-> [5] 3.12.9-200.fc19.x86_64 - Fedora 19.00 \n-> [6] 3.11.6-200.fc19.x86_64 - Fedora 19.00 \n-> [7] 3.10.7-200.fc19.x86_64 - Fedora 19.00 \n-> [8] 3.9.5-301.fc19.x86_64 - Fedora 19.00 \n-> [9] 3.11.10-100.fc18.x86_64 - Fedora 18.00 \n-> [10] 3.9.6-200.fc18.x86_64 - Fedora 18.00 \n-> [11] 3.7.9-205.fc18.x86_64 - Fedora 18.00 \n-> [12] 3.6.10-4.fc18.x86_64 - Fedora 18.00 \n-> [13] 3.9.10-100.fc17.x86_64 - Fedora 17.00 \n-> [14] 3.13.0-30-generic - Ubuntu 14.04 \n-> [15] 3.13.0-29-generic - Ubuntu 14.04 \n-> [16] 3.13.0-27-generic - Ubuntu 14.04 \n-> [17] 3.13.0-24-generic - Ubuntu 14.04 \n-> [18] 3.11.0-24-generic - Ubuntu 13.10 \n-> [19] 3.11.0-23-generic - Ubuntu 13.10 \n-> [20] 3.11.0-12-generic - Ubuntu 13.10 \n-> [21] 3.8.0-19-generic - Ubuntu 13.04 \n[+] Exhaustive list of supported kernels (x86): \n-> [0] 3.15.4-200.fc20.i686 - Fedora 20.00 \n-> [1] 3.14.9-200.fc20.i686 - Fedora 20.00 \n-> [2] 3.13.7-200.fc20.i686 - Fedora 20.00 \n-> [3] 3.12.10-300.fc20.i686 - Fedora 20.00 \n-> [4] 3.11.10-301.fc20.i686 - Fedora 20.00 \n-> [5] 3.14.9-100.fc19.i686 - Fedora 19.00 \n-> [6] 3.14.8-100.fc19.i686 - Fedora 19.00 \n-> [7] 3.13.11-100.fc19.i686 - Fedora 19.00 \n-> [8] 3.12.9-200.fc19.i686 - Fedora 19.00 \n-> [9] 3.9.5-301.fc19.i686 - Fedora 19.00 \n-> [10] 3.11.10-100.fc18.i686 - Fedora 18.00 \n-> [11] 3.10.10-100.fc18.i686 - Fedora 18.00 \n-> [12] 3.8.11-200.fc18.i686 - Fedora 18.00 \n-> [13] 3.7.9-201.fc18.i686 - Fedora 18.00 \n-> [14] 3.6.0-3.fc18.i686 - Fedora 18.00 \n-> [15] 3.13.0-30-generic - Ubuntu 14.04 \n-> [16] 3.13.0-29-generic - Ubuntu 14.04 \n-> [17] 3.13.0-27-generic - Ubuntu 14.04 \n-> [18] 3.13.0-24-generic - Ubuntu 14.04 \n-> [19] 3.11.0-24-generic - Ubuntu 13.10 \n-> [20] 3.11.0-23-generic - Ubuntu 13.10 \n-> [21] 3.11.0-19-generic - Ubuntu 13.10 \n-> [22] 3.11.0-12-generic - Ubuntu 13.10 \n-> [23] 3.8.0-19-generic - Ubuntu 13.04 \n \nVENDOR: GNU/Linux \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943 \nCVE Name: CVE-2014-4943 \n\n", "published": "2014-07-19T15:55:08", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/linux_pppol2tp", "cvelist": ["CVE-2014-4943"], "lastseen": "2016-09-25T14:12:32"}], "openvas": [{"id": "OPENVAS:1361412562310871214", "type": "openvas", "title": "RedHat Update for kernel RHSA-2014:0923-01", "description": "Check for the Version of kernel", "published": "2014-07-28T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871214", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2018-04-09T11:11:21"}, {"id": "OPENVAS:1361412562310123380", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-3047", "description": "Oracle Linux Local Security Checks ELSA-2014-3047", "published": "2015-10-06T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123380", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-07-24T12:53:54"}, {"id": "OPENVAS:1361412562310881965", "type": "openvas", "title": "CentOS Update for kernel CESA-2014:0924 centos6 ", "description": "Check for the Version of kernel", "published": "2014-07-28T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310881965", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2018-04-09T11:12:28"}, {"id": "OPENVAS:1361412562310871206", "type": "openvas", "title": "RedHat Update for kernel RHSA-2014:0924-01", "description": "Check for the Version of kernel", "published": "2014-07-28T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871206", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2018-04-09T11:12:17"}, {"id": "OPENVAS:1361412562310123378", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-3048", "description": "Oracle Linux Local Security Checks ELSA-2014-3048", "published": "2015-10-06T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123378", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-07-24T12:53:15"}, {"id": "OPENVAS:1361412562310123363", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0924", "description": "Oracle Linux Local Security Checks ELSA-2014-0924", "published": "2015-10-06T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123363", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-07-24T12:53:01"}, {"id": "OPENVAS:1361412562310123356", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2014-0923", "description": "Oracle Linux Local Security Checks ELSA-2014-0923", "published": "2015-10-06T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310123356", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-07-24T12:53:22"}, {"id": "OPENVAS:702992", "type": "openvas", "title": "Debian Security Advisory DSA 2992-1 (linux - security update)", "description": "Several vulnerabilities have been discovered in the Linux kernel that\nmay lead to a denial of service or privilege escalation:\n\nCVE-2014-3534 \nMartin Schwidefsky of IBM discovered that the ptrace subsystem does\nnot properly sanitize the psw mask value. On s390 systems, an\nunprivileged local user could use this flaw to set address space\ncontrol bits to kernel space combination and thus gain read/write\naccess to kernel memory.\n\nCVE-2014-4667 \nGopal Reddy Kodudula of Nokia Siemens Networks discovered that the\nsctp_association_free function does not properly manage a certain\nbacklog value, which allows remote attackers to cause a denial of\nservice (socket outage) via a crafted SCTP packet.\n\nCVE-2014-4943 \nSasha Levin discovered a flaw in the Linux kernel's point-to-point\nprotocol (PPP) when used with the Layer Two Tunneling Protocol\n(L2TP). An unprivileged local user could use this flaw for privilege\nescalation.", "published": "2014-07-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=702992", "cvelist": ["CVE-2014-4943", "CVE-2014-3534", "CVE-2014-4667"], "lastseen": "2017-08-01T10:48:40"}, {"id": "OPENVAS:1361412562310841899", "type": "openvas", "title": "Ubuntu Update for linux USN-2283-1", "description": "Check for the Version of linux", "published": "2014-07-21T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841899", "cvelist": ["CVE-2014-0131", "CVE-2014-4943", "CVE-2014-4608"], "lastseen": "2018-04-30T13:49:28"}, {"id": "OPENVAS:1361412562310841904", "type": "openvas", "title": "Ubuntu Update for linux-ti-omap4 USN-2284-1", "description": "Check for the Version of linux-ti-omap4", "published": "2014-07-21T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310841904", "cvelist": ["CVE-2014-0131", "CVE-2014-4943", "CVE-2014-4608"], "lastseen": "2018-04-30T13:49:36"}], "oraclelinux": [{"id": "ELSA-2014-3048", "type": "oraclelinux", "title": "unbreakable enterprise kernel security update", "description": "kernel-uek\n[2.6.32-400.36.4uek]\n- l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229529] {CVE-2014-4943} {CVE-2014-4943}\n- ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230692] {CVE-2014-4699}", "published": "2014-07-18T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-3048.html", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2016-09-04T11:16:42"}, {"id": "ELSA-2014-0924", "type": "oraclelinux", "title": "kernel security update", "description": "[2.6.32-431.20.5]\n- [netdrv] pppol2tp: fail when socket option level is not SOL_PPPOL2TP [1119461 1119462] {CVE-2014-4943}\n[2.6.32-431.20.4]\n- [kernel] utrace: force IRET path after utrace_finish_vfork() (Oleg Nesterov) [1115932 1115933] {CVE-2014-4699}", "published": "2014-07-23T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-0924.html", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2016-09-04T11:17:15"}, {"id": "ELSA-2014-3047", "type": "oraclelinux", "title": "unbreakable enterprise kernel security update", "description": "[2.6.39-400.215.4]\n- l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229505] {CVE-2014-4943} {CVE-2014-4943}\n- ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230690] {CVE-2014-4699}", "published": "2014-07-17T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-3047.html", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2016-09-04T11:16:53"}, {"id": "ELSA-2014-0923", "type": "oraclelinux", "title": "kernel security update", "description": "[3.10.0-123.4.4]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-123.4.4]\n- [net] l2tp_ppp: fail when socket option level is not SOL_PPPOL2TP (Petr Matousek) [1119465 1119466] {CVE-2014-4943}\n[3.10.0-123.4.3]\n- [x86] ptrace: force IRET path after a ptrace_stop() (Oleg Nesterov) [1115934 1115935] {CVE-2014-4699}", "published": "2014-07-23T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-0923.html", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2016-09-04T11:16:18"}, {"id": "ELSA-2014-3049", "type": "oraclelinux", "title": "unbreakable enterprise kernel security update", "description": "kernel-uek\n[3.8.13-35.3.2.el7uek]\n- l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229497] {CVE-2014-4943} {CVE-2014-4943}\n- ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230689] {CVE-2014-4699}\n- net: flow_dissector: fail on evil iph->ihl (Jason Wang) [Orabug: 19231234] {CVE-2013-4348}", "published": "2014-07-23T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-3049.html", "cvelist": ["CVE-2014-4699", "CVE-2014-4943", "CVE-2013-4348"], "lastseen": "2016-09-04T11:16:51"}, {"id": "ELSA-2014-3046", "type": "oraclelinux", "title": "unbreakable enterprise kernel security update", "description": "kernel-uek\n[3.8.13-35.1.3.el6uek]\n- l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19229497] {CVE-2014-4943} {CVE-2014-4943}\n- ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19230689] {CVE-2014-4699}\n- net: flow_dissector: fail on evil iph->ihl (Jason Wang) [Orabug: 19231234] {CVE-2013-4348}", "published": "2014-07-18T00:00:00", "cvss": {"score": 7.1, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-3046.html", "cvelist": ["CVE-2014-4699", "CVE-2014-4943", "CVE-2013-4348"], "lastseen": "2016-09-04T11:16:15"}, {"id": "ELSA-2014-1281", "type": "oraclelinux", "title": "kernel security and bug fix update", "description": "[3.10.0-123.8.1]\n- Oracle Linux certificates (Alexey Petrenko)\n[3.10.0-123.8.1]\n- [scsi] fnic: fix broken FIP discovery by initializing multicast address (Chris Leech) [1119727 1100078]\n- [scsi] libfcoe: Make fcoe_sysfs optional / fix fnic NULL exception (Chris Leech) [1119727 1100078]\n- [fs] nfs: Don't mark the data cache as invalid if it has been flushed (Scott Mayhew) [1115817 1114054]\n- [fs] nfs: Clear NFS_INO_REVAL_PAGECACHE when we update the file size (Scott Mayhew) [1115817 1114054]\n- [fs] nfs: Fix cache_validity check in nfs_write_pageuptodate() (Scott Mayhew) [1115817 1114054]\n- [mm] hugetlb: ensure hugepage access is denied if hugepages are not supported (David Gibson) [1122115 1081671]\n- [kernel] hrtimer: Prevent all reprogramming if hang detected (Prarit Bhargava) [1113175 1094732]\n[3.10.0-123.7.1]\n- [scsi] set DID_TIME_OUT correctly (Ewan Milne) [1122575 1103881]\n- [scsi] fix invalid setting of host byte (Ewan Milne) [1122575 1103881]\n- [scsi] More USB deadlock fixes (Ewan Milne) [1122575 1103881]\n- [scsi] Fix USB deadlock caused by SCSI error handling (Ewan Milne) [1122575 1103881]\n- [scsi] Fix command result state propagation (Ewan Milne) [1122575 1103881]\n- [scsi] Fix spurious request sense in error handling (Ewan Milne) [1122575 1103881]\n- [input] synaptics: fix resolution for manually provided min/max (Benjamin Tissoires) [1122559 1093449]\n- [input] synaptics: change min/max quirk table to pnp-id matching (Benjamin Tissoires) [1122559 1093449]\n- [input] synaptics: add a matches_pnp_id helper function (Benjamin Tissoires) [1122559 1093449]\n- [input] synaptics: T540p - unify with other LEN0034 models (Benjamin Tissoires) [1122559 1093449]\n- [input] synaptics: add min/max quirk for the ThinkPad W540 (Benjamin Tissoires) [1122559 1093449]\n- [input] synaptics: add min/max quirk for ThinkPad Edge E431 (Benjamin Tissoires) [1122559 1093449]\n- [input] synaptics: add min/max quirk for ThinkPad T431s, L440, L540, S1 Yoga and X1 (Benjamin Tissoires) [1122559 1093449]\n- [input] synaptics: report INPUT_PROP_TOPBUTTONPAD property (Benjamin Tissoires) [1122559 1093449]\n- [input] Add INPUT_PROP_TOPBUTTONPAD device property (Benjamin Tissoires) [1122559 1093449]\n- [input] i8042: add firmware_id support (Benjamin Tissoires) [1122559 1093449]\n- [input] serio: add firmware_id sysfs attribute (Benjamin Tissoires) [1122559 1093449]\n- [input] synaptics: add manual min/max quirk for ThinkPad X240 (Benjamin Tissoires) [1122559 1093449]\n- [input] synaptics: add manual min/max quirk (Benjamin Tissoires) [1122559 1093449]\n- [input] synaptics: fix incorrect placement of __initconst (Benjamin Tissoires) [1122559 1093449]\n- [ethernet] be2net: Fix invocation of be_close() after be_clear() (Ivan Vecera) [1122558 1066644]\n- [ethernet] be2net: enable interrupts in EEH resume (Ivan Vecera) [1121712 1076682]\n- [ethernet] sfc: PIO:Restrict to 64bit arch and use 64-bit writes (Nikolay Aleksandrov) [1119725 1089024]\n- [kernel] ftrace: Hardcode ftrace_module_init() call into load_module() (Takahiro MUNEDA) [1119721 1061553]\n- [kernel] trace: Make register/unregister_ftrace_command __init (Takahiro MUNEDA) [1119721 1061553]\n- [block] nvme: Initialize device reference count earlier (David Milburn) [1119720 1081734]\n- [ata] ahci: accommodate tag ordered controller (David Milburn) [1117154 1083746]\n- [s390] af_iucv: recvmsg problem for SOCK_STREAM sockets (Hendrik Brueckner) [1115585 1109703]\n- [s390] af_iucv: correct cleanup if listen backlog is full (Hendrik Brueckner) [1115584 1109033]\n- [mm] Revert: vmscan: do not swap anon pages just because free+file is low (Johannes Weiner) [1114938 1102991]\n- [drm] nouveau/bios: fix a bit shift error introduced by recent commit (Ulrich Obergfell) [1114869 1089936]\n- [ethernet] bnx2x: Adapter not recovery from EEH error injection (Michal Schmidt) [1107722 1067154]\n- [kernel] auditsc: audit_krule mask accesses need bounds checking (Denys Vlasenko) [1102708 1102710] {CVE-2014-3917}\n- [block] mtip32xx: mtip_async_complete() bug fixes (Jeff Moyer) [1125776 1102281]\n- [block] mtip32xx: Unmap the DMA segments before completing the IO request (Jeff Moyer) [1125776 1102281]\n- [net] l2tp: don't fall back on UDP [get|set]sockopt (Petr Matousek) [1119465 1119466] {CVE-2014-4943}\n- [s390] ptrace: correct insufficient sanitization when setting psw mask (Hendrik Brueckner) [1114090 1113673] {CVE-2014-3534}", "published": "2014-09-22T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-1281.html", "cvelist": ["CVE-2014-4943", "CVE-2014-3917", "CVE-2014-3534"], "lastseen": "2016-09-04T11:17:00"}, {"id": "ELSA-2014-1167", "type": "oraclelinux", "title": "kernel security and bug fix update", "description": "[2.6.32-431.29.2]\n- [kernel] futex: Fix errors in nested key ref-counting (Denys Vlasenko) [1094457 1094458] {CVE-2014-0205}\n- [net] vxlan: fix NULL pointer dereference (Jiri Benc) [1114549 1096351] {CVE-2014-3535}\n[2.6.32-431.29.1]\n- [mm] hugetlb: ensure hugepage access is denied if hugepages are not supported (Gustavo Duarte) [1118782 1086450]\n- [security] keys: Increase root_maxkeys and root_maxbytes sizes (Steve Dickson) [1115542 1113607]\n- [fs] lockd: Ensure that nlmclnt_block resets block->b_status after a server reboot (Steve Dickson) [1110180 959006]\n- [net] filter: add vlan tag access (Jiri Benc) [1108526 1082097]\n- [net] filter: add XOR operation (Jiri Benc) [1108526 1082097]\n- [net] filter: add SKF_AD_RXHASH and SKF_AD_CPU (Jiri Benc) [1108526 1082097]\n- [net] filter: Socket filter ancilliary data access for skb->dev->type (Jiri Benc) [1108526 1082097]\n- [net] filter: Add SKF_AD_QUEUE instruction (Jiri Benc) [1108526 1082097]\n- [net] filter: ingress socket filter by mark (Jiri Benc) [1108526 1082097]\n- [netdrv] bonding: look for bridge IPs in arp monitoring (Veaceslav Falico) [1102794 704190]\n- [s390] af_iucv: wrong mapping of sent and confirmed skbs (Hendrik Brueckner) [1112390 1102248]\n- [s390] af_iucv: recvmsg problem for SOCK_STREAM sockets (Hendrik Brueckner) [1112390 1102248]\n- [s390] af_iucv: fix recvmsg by replacing skb_pull() function (Hendrik Brueckner) [1112390 1102248]\n- [s390] kernel: avoid page table walk on user space access (Hendrik Brueckner) [1111194 1099146]\n- [s390] qeth: postpone freeing of qdio memory (Hendrik Brueckner) [1112134 1094379]\n- [s390] qeth: Fix retry logic in hardsetup (Hendrik Brueckner) [1112134 1094379]\n- [s390] qeth: Recognize return codes of ccw_device_set_online (Hendrik Brueckner) [1112134 1094379]\n- [s390] qdio: remove API wrappers (Hendrik Brueckner) [1112134 1094379]\n- [scsi] Ensure medium access timeout counter resets (David Jeffery) [1117153 1036884]\n- [scsi] Fix error handling when no ULD is attached (David Jeffery) [1117153 1036884]\n- [scsi] Handle disk devices which can not process medium access commands (David Jeffery) [1117153 1036884]\n- [fs] nfs: Fix calls to drop_nlink() (Steve Dickson) [1099607 1093819]\n- [mm] swap: do not skip lowest_bit in scan_swap_map() scan loop (Rafael Aquini) [1099728 1060886]\n- [mm] swap: fix shmem swapping when more than 8 areas (Rafael Aquini) [1099728 1060886]\n- [mm] swap: fix swapon size off-by-one (Rafael Aquini) [1099728 1060886]\n- [md] avoid deadlock when dirty buffers during md_stop (Jes Sorensen) [1121541 994724]\n- [x86] hyperv: bypass the timer_irq_works() check (Jason Wang) [1112226 1040349]\n[2.6.32-431.28.1]\n- [kernel] auditsc: audit_krule mask accesses need bounds checking (Denys Vlasenko) [1102704 1102705] {CVE-2014-3917}\n- [net] ipv4: fix route cache rebuilds (Jiri Pirko) [1113824 1111631]\n- [fs] nfsd: notify_change needs elevated write count (Mateusz Guzik) [1110177 1105057]\n- [fs] nfsv4: close needs to handle NFS4ERR_ADMIN_REVOKED (Dave Wysochanski) [1096397 1082127]\n- [fs] pipe: skip file_update_time on frozen fs (Eric Sandeen) [1114405 1093077]\n- [fs] nfs: Fail the truncate() if the lock/open stateid is invalid (Steve Dickson) [1090613 1075123]\n- [fs] nfs: Servers should only check SETATTR stateid open mode on size change (Steve Dickson) [1090613 1075123]\n- [fs] nfs: Fail data server I/O if stateid represents a lost lock (Steve Dickson) [1090613 1075123]\n- [fs] nfs: Fix the return value of nfs4_select_rw_stateid (Steve Dickson) [1090613 1075123]\n- [fs] nfs: Use the open stateid if the delegation has the wrong mode (Steve Dickson) [1090613 1075123]\n- [fs] nfs: nfs4_stateid_is_current should return 'true' for an invalid stateid (Steve Dickson) [1090613 1075123]\n- [fs] nfs: fix error return in nfs4_select_rw_stateid (Steve Dickson) [1090613 1075123]\n- [fs] nfs: Document the recover_lost_locks kernel parameter (Jeff Layton) [1089359 963785]\n- [fs] nfs: Don't try to recover NFSv4 locks when they are lost (Jeff Layton) [1089359 963785]\n- [fs] nfs: Fix handling of partially delegated locks (Jeff Layton) [1120074 959788]\n- [fs] nfs: Convert the nfs4_lock_state->ls_flags to a bit field (Jeff Layton) [1120074 959788]\n- [x86] Optimize switch_mm() for multi-threaded workloads (Rik van Riel) [1115821 991518]\n- [netdrv] pppol2tp: fail when socket option level is not SOL_PPPOL2TP [1119461 1119462] {CVE-2014-4943}\n- [kernel] utrace: force IRET path after utrace_finish_vfork() (Oleg Nesterov) [1115932 1115933] {CVE-2014-4699}\n[2.6.32-431.27.1]\n- [scsi] fix performance regression due to inverted blk_get_queue return (Mike Snitzer) [1117582 1098658]\n- [net] openvswitch: fix use-after-free bug in netns (Flavio Leitner) [1120651 1100127]\n[2.6.32-431.26.1]\n- [net] gro: fix deliver of trunk packets to VLAN interfaces (Marcelo Ricardo Leitner) [1116231 1112324]\n[2.6.32-431.25.1]\n- [net] sctp: Fix sk_ack_backlog wrap-around problem (Daniel Borkmann) [1113969 1085932] {CVE-2014-4667}\n[2.6.32-431.24.1]\n- [alsa] aloop: Close races at restarting the stream (Jaroslav Kysela) [1112492 1078592]\n- [alsa] aloop: Export snd_pcm_constraint_mask64() (Jaroslav Kysela) [1112492 1078592]\n- [alsa] pcm: Warn when buffer preallocation fails (Jaroslav Kysela) [1112492 1078592]\n- [alsa] aloop: Add SNDRV_PCM_STATE_PAUSED case in wait_for_avail function (Jaroslav Kysela) [1112492 1078592]\n- [alsa] jack: Unregister input device at disconnection (Jaroslav Kysela) [1112492 1078592]\n- [alsa] aloop: Optimize module name check (Jaroslav Kysela) [1112492 1078592]\n- [alsa] pcm: Add fallthru comments (Jaroslav Kysela) [1112492 1078592]\n- [alsa] aloop: Fix Oops while PM resume (Jaroslav Kysela) [1112492 1078592]\n- [alsa] aloop: add locking to timer access (Jaroslav Kysela) [1112492 1078592]", "published": "2014-09-09T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-1167.html", "cvelist": ["CVE-2014-4699", "CVE-2014-4943", "CVE-2014-3917", "CVE-2014-3535", "CVE-2014-0205", "CVE-2014-4667"], "lastseen": "2016-09-04T11:16:22"}, {"id": "ELSA-2014-3070", "type": "oraclelinux", "title": "Unbreakable Enterprise kernel security and bug fix update", "description": "kernel-uek\n[3.8.13-44]\n- net: Use netlink_ns_capable to verify the permisions of netlink messages (Eric W. Biederman) [Orabug: 19404229] {CVE-2014-0181}\n- net: Add variants of capable for use on netlink messages (Eric W. Biederman) [Orabug: 19404229] \n- net: Add variants of capable for use on on sockets (Eric W. Biederman) [Orabug: 19404229] \n- netlink: Rename netlink_capable netlink_allowed (Eric W. Biederman) [Orabug: 19404229] \n- sctp: Fix sk_ack_backlog wrap-around problem (Xufeng Zhang) [Orabug: 19404238] {CVE-2014-4667}\n- Revert 'xen/fb: allow xenfb initialization for hvm guests' (Vaughan Cao) [Orabug: 19320529]\n[3.8.13-43]\n- init: fix in-place parameter modification regression (Krzysztof Mazur) [Orabug: 18954967] \n- drivers: scsi: storvsc: Correctly handle TEST_UNIT_READY failure (K. Y. Srinivasan) [Orabug: 19280065] \n- drivers: scsi: storvsc: Set srb_flags in all cases (K. Y. Srinivasan) [Orabug: 19280065] \n- Drivers: scsi: storvsc: Implement a timedout handler (K. Y. Srinivasan) [Orabug: 19280065] \n- Drivers: scsi: storvsc: Fix a bug in handling VMBUS protocol version (K. Y. Srinivasan) [Orabug: 19280065] \n- Drivers: scsi: storvsc: Filter commands based on the storage protocol version (K. Y. Srinivasan) [Orabug: 19280065] \n- Drivers: scsi: storvsc: Set cmd_per_lun to reflect value supported by the Host (K. Y. Srinivasan) [Orabug: 19280065] \n- Drivers: scsi: storvsc: Change the limits to reflect the values on the host (K. Y. Srinivasan) [Orabug: 19280065]\n[3.8.13-42]\n- filter: prevent nla extensions to peek beyond the end of the message (Mathias Krause) [Orabug: 19315780] {CVE-2014-3144} {CVE-2014-3145}\n[3.8.13-41]\n- rds: Lost locking in loop connection freeing (Pavel Emelyanov) [Orabug: 19124446] \n- ocfs2/o2net: incorrect to terminate accepting connections loop upon rejecting an invalid one (Tariq Saeed) [Orabug: 19296823] \n- xen/pciback: Don't deadlock when unbinding. (Konrad Rzeszutek Wilk) [Orabug: 19296592] \n- PCI: Split out pci_dev lock/unlock and save/restore (Alex Williamson) [Orabug: 19296592]\n[3.8.13-40]\n- l2tp: fix an unprivileged user to kernel privilege escalation (Sasha Levin) [Orabug: 19228689] {CVE-2014-4943} {CVE-2014-4943}\n- ptrace,x86: force IRET path after a ptrace_stop() (Tejun Heo) [Orabug: 19222017] {CVE-2014-4699}\n- mpt3sas: Rework the MSI-X code to work on systems with many processors (Martin K. Petersen) [Orabug: 18182490] \n- mpt2sas: Rework the MSI-X code to work on systems with many processors (Martin K. Petersen) [Orabug: 18182490] \n- mpt3sas: Bump mpt3sas driver version to 04.100.00.00 (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt3sas: Added Reply Descriptor Post Queue (RDPQ) Array support (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt3sas: Bump mpt3sas driver version to 03.100.00.00 (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt3sas: Added OEM branding Strings (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt3sas: MPI2.5 Rev H (2.5.3) specifications (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt3sas: Copyright in driver sources is updated for year the 2014 (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt3sas: Clear PFA Status on SGPIO when PFA Drive is Removed or Replaced (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt3sas: MPI2.5 Rev G (2.5.2) specifications (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt3sas: Remove use of DEF_SCSI_QCMD (Matthew Wilcox) [Orabug: 19015667] \n- mpt3sas: Remove uses of serial_number (Matthew Wilcox) [Orabug: 19015667] \n- Allow MPT Fusion SAS 3.0 driver to be built into the kernel (Greg Kroah-Hartman) [Orabug: 19015667] \n- mpt3sas: Remove phys on topology change (Jan Vesely) [Orabug: 19015667] \n- mpt3sas: Added a driver module parameter max_msix_vectors (Sreekanth Reddy) [Orabug: 19015667] \n- mpt3sas: fix cleanup on controller resource mapping failure (Joe Lawrence) [Orabug: 19015667] \n- Revert 'mpt3sas: update from v02.100.00.00 to v3.00.00.00' (Martin K. Petersen) [Orabug: 19015667] \n- Revert 'mpt3sas: Rework the MSI-X code to work on systems with many processors' (Martin K. Petersen) [Orabug: 19015667] \n- mpt2sas: Added module parameter 'unblock_io' to unblock IO's during disk addition (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt2sas: Bump mpt2sas driver version to 18.100.00.00 (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt2sas: Get IOC_FACTS information using handshake protocol only after HBA card gets into READY or Operational state (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt2sas: Added Reply Descriptor Post Queue (RDPQ) Array support (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt2sas: For >2TB volumes, DirectDrive support sends IO's with LBA bit 31 to IR FW instead of DirectDrive (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt2sas: Copyright in driver sources is updated for year the 2014 (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt2sas: Clear PFA Status on SGPIO when PFA Drive is Removed or Replaced (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt2sas: Bump mpt2sas driver version to 17.100.00.00 (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt2sas: MPI2 Rev Y (2.00.17) and Rev Z (2.00.18) specifications (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt2sas: Added driver module parameter max_msix_vectors (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt2sas: Add free smids to the head, not tail of list (Matthew Wilcox) [Orabug: 19015667] \n- mpt2sas: Remove use of DEF_SCSI_QCMD (Matthew Wilcox) [Orabug: 19015667] \n- mpt2sas: Remove uses of serial_number (Matthew Wilcox) [Orabug: 19015667] \n- mpt2sas: Don't disable device twice at suspend. (Tyler Stachecki) [Orabug: 19015667] \n- mpt2sas: Remove phys on topology change. (Jan Vesely) [Orabug: 19015667] \n- mpt2sas: Bump driver version to v16.100.00.00 (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: Fix for kernel panic when driver loads with HBA connected to non LUN 0 configured expander (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: when Async scanning is enabled then while scanning, devices are removed but their transport layer entries are not removed (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: Infinite loop can occur if MPI2_IOCSTATUS_CONFIG_INVALID_PAGE is not returned (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: The copyright in driver sources is updated for the year 2013 (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: MPI2 Rev X (2.00.16) specifications (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: Change in MPI2_RAID_ACTION_SYSTEM_SHUTDOWN_INITIATED notification methodology (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: Null pointer deference possibility in mpt2sas_ctl_event_callback function (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: fix cleanup on controller resource mapping failure (Joe Lawrence) [Orabug: 19015667] \n- mpt2sas: fix for unused variable 'event_data' warning (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt2sas: Bump driver vesion to v15.100.00.00 (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: Calulate the Reply post queue depth calculation as per the MPI spec (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: fix firmware failure with wrong task attribute (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: Fix for device scan following host reset could get stuck in a infinite loop (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: Update the timing requirements for issuing a Hard Reset (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: MPI2 Rev W (2.00.15) specification (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: Fix for issue Missing delay not getting set during system bootup (Reddy, Sreekanth) [Orabug: 19015667] \n- mpt2sas: Add support for OEM specific controller (Sreekanth Reddy) [Orabug: 19015667] \n- mpt2sas: fix for driver fails EEH, recovery from injected pci bus error (Sreekanth Reddy) [Orabug: 19015667] \n- Revert 'mpt2sas: update to LSI version 16.05.01.00' (Martin K. Petersen) [Orabug: 19015667] \n- Revert 'mpt2sas: update from 16.05.01.00 to 17.00.00.00' (Martin K. Petersen) [Orabug: 19015667] \n- Revert 'mpt2sas: Rework the MSI-X code to work on systems with many processors' (Martin K. Petersen) [Orabug: 19015667] \n- megaraid_sas: Version and Changelog update (Adam Radford) [Orabug: 19015667] \n- megaraid_sas: Fix LD/VF affiliation parsing (Adam Radford) [Orabug: 19015667] \n- megaraid_sas: Remove unused variables in megasas_instance (Adam Radford) [Orabug: 19015667] \n- megaraid_sas: Fix reset_mutex leak (Adam Radford) [Orabug: 19015667] \n- megaraid_sas: fix a small problem when reading state value from hw (Tomas Henzl) [Orabug: 19015667] \n- megaraid_sas: Version and Changelog update (Adam Radford) [Orabug: 19015667] \n- megaraid_sas: Add Dell PowerEdge VRTX SR-IOV VF support (Adam Radford) [Orabug: 19015667] \n- megaraid_sas: Return leaked MPT frames to MPT frame pool (Adam Radford) [Orabug: 19015667] \n- megaraid_sas: Fix megasas_ioc_init_fusion (Adam Radford) [Orabug: 19015667] \n- megaraid_sas: Load correct raid context timeout (Adam Radford) [Orabug: 19015667] \n- megaraid_sas: Performance boost fixes (Sumit.Saxena@lsi.com) [Orabug: 19015667] \n- megaraid_sas: Set 32-bit DMA mask (Sumit.Saxena@lsi.com) [Orabug: 19015667] \n- megaraid_sas: Big endian code related fixes (Sumit.Saxena@lsi.com) [Orabug: 19015667] \n- megaraid_sas: Don't wait forever for non-IOCTL DCMDs (Sumit.Saxena@lsi.com) [Orabug: 19015667] \n- megaraid_sas: check return value for megasas_get_pd_list() (Hannes Reinecke) [Orabug: 19015667] \n- megaraid_sas_fusion: Return correct error value in megasas_get_ld_map_info() (Hannes Reinecke) [Orabug: 19015667] \n- megaraid_sas_fusion: correctly pass queue info pointer (Hannes Reinecke) [Orabug: 19015667] \n- megaraid: missing bounds check in mimd_to_kioc() (Dan Carpenter) [Orabug: 19015667] \n- megaraid: Use resource_size_t for PCI resources, not long (Ben Collins) [Orabug: 19015667]\n[3.8.13-39]\n- PCI: Work around Ivytown NTB BAR size issue (Jon Mason) [Orabug: 18127862] \n- cgroup: make cgroup_path() not print double slashes (Tejun Heo) [Orabug: 18510637] \n- xen: Introduce 'xen_nopv' to disable PV extensions for HVM guests. (Konrad Rzeszutek Wilk) [Orabug: 19033747] \n- spec: reenable pesign module signing (Guangyu Sun) [Orabug: 19065003] \n- [ocfs2]: refcount: take rw_lock in ocfs2_reflink (Wengang Wang) [Orabug: 19154247] \n- cifs: bugfix for unreclaimed writeback pages in cifs_writev_requeue() (Ouyang Maochun) [Orabug: 18447168] \n- xfs: add CRCs to attr leaf blocks (Dave Chinner) [Orabug: 18504299] \n- xfs: add CRCs to dir2/da node blocks (Dave Chinner) [Orabug: 18504299] \n- xfs: shortform directory offsets change for dir3 format (Dave Chinner) [Orabug: 18504299] \n- xfs: add CRC checking to dir2 leaf blocks (Dave Chinner) [Orabug: 18504299] \n- xfs: add CRC checking to dir2 data blocks (Dave Chinner) [Orabug: 18504299] \n- xfs: add CRC checking to dir2 free blocks (Dave Chinner) [Orabug: 18504299] \n- xfs: add CRC checks to block format directory blocks (Dave Chinner) [Orabug: 18504299] \n- xfs: add CRC checks to remote symlinks (Dave Chinner) [Orabug: 18504299] \n- xfs: split out symlink code into it's own file. (Dave Chinner) [Orabug: 18504299] \n- xfs: add version 3 inode format with CRCs (Christoph Hellwig) [Orabug: 18504299] \n- xfs: add CRC checks for quota blocks (Christoph Hellwig) [Orabug: 18504299] \n- xfs: add CRC checks to the AGI (Dave Chinner) [Orabug: 18504299] \n- xfs: add CRC checks to the AGFL (Christoph Hellwig) [Orabug: 18504299] \n- xfs: add CRC checks to the AGF (Dave Chinner) [Orabug: 18504299] \n- xfs: add support for large btree blocks (Christoph Hellwig) [Orabug: 18504299] \n- xfs: xfs_iomap_prealloc_size() tracepoint (Brian Foster) [Orabug: 18504299] \n- xfs: add quota-driven speculative preallocation throttling (Brian Foster) [Orabug: 18504299] \n- xfs: xfs_dquot prealloc throttling watermarks and low free space (Brian Foster) [Orabug: 18504299] \n- xfs: pass xfs_dquot to xfs_qm_adjust_dqlimits() instead of xfs_disk_dquot_t (Brian Foster) [Orabug: 18504299] \n- xfs: push rounddown_pow_of_two() to after prealloc throttle (Brian Foster) [Orabug: 18504299] \n- xfs: reorganize xfs_iomap_prealloc_size to remove indentation (Brian Foster) [Orabug: 18504299] \n- xfs: take inode version into account in XFS_LITINO (Christoph Hel l w i g ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : r e a r r a n g e s o m e c o d e i n x f s _ b m a p f o r b e t t e r l o c a l i t y ( D a v e C h i n n e r ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : d o n ' t v e r i f y b u f f e r s a f t e r I O e r r o r s ( D a v e C h i n n e r ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : l i m i t s p e c u l a t i v e p r e a l l o c s i z e o n s p a r s e f i l e s ( D a v e C h i n n e r ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : m e m o r y b a r r i e r b e f o r e w a k e _ u p _ b i t ( ) ( A l e x E l d e r ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : r e f a c t o r s p a c e l o g r e s e r v a t i o n f o r X F S _ T R A N S _ A T T R _ S E T ( J e f f L i u ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : m a k e u s e o f X F S _ S B _ L O G _ R E S ( ) a t x f s _ f s _ l o g _ d u m m y ( ) ( J e f f L i u ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : m a k e u s e o f X F S _ S B _ L O G _ R E S ( ) a t x f s _ m o u n t _ l o g _ s b ( ) ( J e f f L i u ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : m a k e u s e o f X F S _ S B _ L O G _ R E S ( ) a t x f s _ l o g _ s b c o u n t ( ) ( J e f f L i u ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : i n t r o d u c e X F S _ S B _ L O G _ R E S ( ) f o r t r a n s a c t i o n s t h a t m o d i f y s b o n d i s k ( J e f f L i u ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : c a l c u l a t e X F S _ T R A N S _ Q M _ Q U O T A O F F _ E N D s p a c e l o g r e s e r v a t i o n a t m o u n t t i m e ( J e f f L i u ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : c a l c u l a t e X F S _ T R A N S _ Q M _ Q U O T A O F F s p a c e l o g r e s e r v a t i o n a t m o u n t t i m e ( J e f f L i u ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : c a l c u l a t e X F S _ T R A N S _ Q M _ D Q A L L O C s p a c e l o g r e s e r v a t i o n a t m o u n t t i m e ( J e f f L i u ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : c a l c u a t e X F S _ T R A N S _ Q M _ S E T Q L I M s p a c e l o g r e s e r v a t i o n a t m o u n t t i m e ( J e f f L i u ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : c a l c u l a t e x f s _ q m _ w r i t e _ s b _ c h a n g e s ( ) s p a c e l o g r e s e r v a t i o n a t m o u n t t i m e ( J e f f L i u ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : c a l c u l a t e X F S _ T R A N S _ Q M _ S B C H A N G E s p a c e l o g r e s e r v a t i o n a t m o u n t t i m e ( J e f f L i u ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : m a k e u s e o f x f s _ c a l c _ b u f _ r e s ( ) i n x f s _ t r a n s . c ( J e f f L i u ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : a d d a h e l p e r t o f i g u r e o u t t h e s p a c e l o g r e s e r v a t i o n p e r i t e m ( J e f f L i u ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : f i x f s / x f s / x f s _ l o g . c : 1 7 4 0 : 3 9 : e r r o r : ' B _ T R U E ' u n d e c l a r e d ( B e n M y e r s ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : R e m o v e b o o l e a n _ t t y p e d e f c o m p l e t e l y . ( T h i a g o F a r i n a ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > ( A b h i j i t P a w a r ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s : d o n ' t z e r o s t r u c t u r e m e m b e r s a f t e r a m e m s e t ( 0 ) ( E r i c S a n d e e n ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - x f s r e m o v e t h e X F S _ T R A N S _ D E B U G r o u t i n e s ( M a r k T i n g u e l y ) [ O r a b u g : 1 8 5 0 4 2 9 9 ] b r > - s p e c : l i s t l i n u x - f i r m w a r e a s a d e p e n d e n c y ( G u a n g y u S u n ) [ O r a b u g : 1 8 5 3 9 1 0 0 ] b r > - k b u i l d / c t f : F i x o u t - o f - t r e e m o d u l e b u i l d w h e n C O N F I G _ C T F = n . ( N i c k A l c o c k ) [ O r a b u g : 1 9 0 7 8 3 6 1 ] b r > - d t r a c e : s u p p o r t o r d e r - o n l y - p r e r e q u i s i t e s f o r s d t s t u b g e n e r a t i o n ( K r i s V a n H e e s ) [ O r a b u g : 1 8 9 0 6 4 4 4 ] b r > - q l c n i c : A d d S R I O V h e l p e r f u n c t i o n t o d e t e r m i n e i f V F s a r e a s s i g n e d t o g u e s t ( V a u g h a n C a o ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : m a k e K c o n f i g c h a n g e s ( V a u g h a n C a o ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : s y s f s i n t e r f a c e f o r P C I B A R a c c e s s ( S o n y C h a c k o ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : U p d a t e v e r s i o n t o 5 . 3 . 5 9 ( R a j e s h B o r u n d i a ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : C o l l e c t f i r m w a r e d u m p u s i n g D M A o n 8 2 x x a d a p t e r s ( S h a h e d S h a i k h ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : A d d m a c l e a r n i n g s u p p o r t t o S R - I O V V F . ( R a j e s h B o r u n d i a ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : A d d s u p p o r t t o p r o c e s s c o m m a n d s i n a t o m i c c o n t e x t ( R a j e s h B o r u n d i a ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : A l l o w S R - I O V V F p r o b e i n h y p e r v i s o r . ( R a j e s h B o r u n d i a ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : S e t r e a l _ n u m _ { t x | r x } _ q u e u e s p r o p e r l y ( S h a h e d S h a i k h ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : F i x p a n i c w h i l e d u m p i n g T X q u e u e s o n T X t i m e o u t ( M a n i s h C h o p r a ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : U p d a t e v e r s i o n t o 5 . 3 . 5 8 ( J i t e n d r a K a l s a r i a ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : L i m i t v N I C s u p p o r t i n l e g a c y i n t e r r u p t m o d e ( S u c h e t a C h a k r a b o r t y ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : A d d d r i v e r l o g s i n e r r o r p a t h . ( S u c h e t a C h a k r a b o r t y ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : A l l o w s e t t i n g T X i n t e r r u p t c o a l e s c i n g p a r a m e t e r s f r o m V F . ( S u c h e t a C h a k r a b o r t y ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : A d d h w m o n - s y s f s i n t e r f a c e t o e x p o r t b o a r d t e m p e r a t u r e . ( H a r i s h P a t i l ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : O p t i m i z e M A C l e a r n i n g c o d e ( S h a h e d S h a i k h ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : F i x m e m o r y l e a k . ( R a j e s h B o r u n d i a ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : R e s e t f i r m w a r e A P I l o c k a t d r i v e r l o a d t i m e ( S o n y C h a c k o ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : F i x M S I - X i n i t i a l i z a t i o n c o d e ( A l e x a n d e r G o r d e e v ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : D o n o t d i s a b l e S R - I O V w h e n V F s a r e a s s i g n e d t o V M s ( M a n i s h C h o p r a ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : F i x Q L o g i c a p p l i c a t i o n / d r i v e r i n t e r f a c e f o r v i r t u a l N I C c o n f i g u r a t i o n ( J i t e n d r a K a l s a r i a ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : F i x P V I D c o n f i g u r a t i o n o n e S w i t c h p o r t . ( J i t e n d r a K a l s a r i a ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : F i x m a x r i n g c o u n t c a l c u l a t i o n ( S h a h e d S h a i k h ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : F i x t o s e n d I N I T _ N I C _ F U N C a s f i r s t m a i l b o x . ( S u c h e t a C h a k r a b o r t y ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : F i x p a n i c d u e t o u n i n i t i a l z e d d e l a y e d _ w o r k s t r u c t i n u s e . ( S u c h e t a C h a k r a b o r t y ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - n e t : q l c n i c : i n c l u d e i r q . h f o r i r q d e f i n i t i o n s ( J o s h B o y e r ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : R e m o v e c a s t s o f p o i n t e r t o s a m e t y p e ( J o e P e r c h e s ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : U p d a t e v e r s i o n t o 5 . 3 . 5 7 ( S h a h e d S h a i k h ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : d c b : a c o u p l e o f f b y o n e b u g s ( D a n C a r p e n t e r ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : F i x n u m b e r o f r i n g s w h e n w e f a l l b a c k f r o m m s i x t o l e g a c y . ( R a j e s h B o r u n d i a ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : A l l o w a n y V L A N t o b e c o n f i g u r e d f r o m V F . ( S u c h e t a C h a k r a b o r t y ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : F i x u s a g e o f u s e _ m s i a n d u s e _ m s i _ x m o d u l e p a r a m e t e r s ( S h a h e d S h a i k h ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : F i x f u n c t i o n r e t u r n e r r o r c h e c k ( S h a h e d S h a i k h ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : U p d a t e v e r s i o n t o 5 . 3 . 5 6 ( S h a h e d S h a i k h ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : E n h a n c e s e m a p h o r e l o c k a c c e s s f a i l u r e e r r o r m e s s a g e ( H a r i s h P a t i l ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : A l l o w v l a n 0 t r a f f i c ( R a j e s h B o r u n d i a ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : E n h a n c e d r i v e r m e s s a g e i n f a i l e d s t a t e . ( S u c h e t a C h a k r a b o r t y ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : U p d a t e s t o Q L o g i c a p p l i c a t i o n / d r i v e r i n t e r f a c e f o r v i r t u a l N I C c o n f i g u r a t i o n ( J i t e n d r a K a l s a r i a ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : R e - f a c t o r f i r m w a r e m i n i d u m p t e m p l a t e h e a d e r h a n d l i n g ( S h a h e d S h a i k h ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : C l e a n u p q l c n i c _ e n a b l e _ m s i x ( ) r e t u r n v a l u e s ( A l e x a n d e r G o r d e e v ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l c n i c : R e v e r s e p a t c h e s t i l l 5 . 3 . 5 5 . ( S u c h e t a C h a k r a b o r t y ) [ O r a b u g : 1 9 1 6 7 8 7 7 ] b r > - q l a 4 x x x : U p d a t e d r i v e r v e r i o n t o v 5 . 0 4 . 0 0 . 0 6 . 0 6 . 0 2 - u e k 3 ( T e j P a r k a s h ) [ O r a b u g : 1 9 1 4 4 3 5 0 ] b r > - q l a 4 x x x : U s e k m e m d u p i n s t e a d o f k m a l l o c + m e m c p y ( B e n o i t T a i n e ) [ O r a b u g : 1 9 1 4 4 3 5 0 ] b r > - q l a 4 x x x : F i x s m a t c h w a r n i n g i n f u n c q l a 4 x x x _ c o n n _ g e t _ p a r a m ( A d h e e r C h a n d r a v a n s h i ) [ O r a b u g : 1 9 1 4 4 3 5 0 ] b r > - q l a 4 x x x : F i x s m a t c h w a r n i n g i n f u n c q l a 4 x x x _ g e t _ e p _ p a r a m ( A d h e e r C h a n d r a v a n s h i ) [ O r a b u g : 1 9 1 4 4 3 5 0 ] b r > - q l a 4 x x x : F i x m e m o r y l e a k f o r h a - > s a v e d _ a c b ( N i l e s h J a v a l i ) [ O r a b u g : 1 9 1 4 4 3 5 0 ] b r > - q l a 4 x x x : E x p o r t s y s f s D D B s f r o m D P C h a n d l e r ( N i l e s h J a v a l i ) [ O r a b u g : 1 9 1 4 4 3 5 0 ] b r > - q l a 4 x x x : D i s a b l e I N T x i n t e r r u p t f o r I S P 8 2 X X ( T e j P a r k a s h ) [ O r a b u g : 1 9 1 4 4 3 5 0 ] b r > - h p s a : a d d p r e v i o u s l y m i s s i n g p c i _ d e v i c e _ i d ( V a u g h a n C a o ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : f i x h a n d l i n g o f h p s a _ v o l u m e _ o f f l i n e r e t u r n v a l u e ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : r e t u r n - E N O M E M n o t - 1 o n k z a l l o c f a i l u r e i n h p s a _ g e t _ d e v i c e _ i d ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : r e m o v e m e s s a g e s a b o u t v o l u m e s t a t u s V P D i n q u i r y p a g e n o t s u p p o r t e d ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : r e p o r t c h e c k c o n d i t i o n e v e n i f n o s e n s e d a t a p r e s e n t f o r i o a c c e l 2 m o d e ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : r e m o v e b a d u n l i k e l y a n n o t a t i o n f r o m d e v i c e l i s t u p d a t i n g c o d e ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : f i x e v e n t f i l t e r i n g t o p r e v e n t e x c e s s i v e r e s c a n s w i t h o l d f i r m w a r e ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : k i l l a n n o y i n g m e s s a g e s a b o u t S S D S m a r t P a t h r e t r i e s ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : d e f i n e e x t e n d e d _ r e p o r t _ l u n _ e n t r y d a t a s t r u c t u r e ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : R e a r r a n g e s t a r t _ i o t o a v o i d o n e u n l o c k / l o c k s e q u e n c e i n m a i n i o p a t h ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : a v o i d u n n e c e s s a r y r e a d l o n e v e r y c o m m a n d s u b m i s s i o n ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : u s e p e r - c p u v a r i a b l e f o r l o c k u p _ d e t e c t e d ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : s e t i r q a f f i n i t y h i n t s t o r o u t e M S I - X v e c t o r s a c r o s s C P U s ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : a l l o c a t e r e p l y q u e u e s i n d i v i d u a l l y ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : c h o o s e n u m b e r o f r e p l y q u e u e s m o r e i n t e l l i g e n t l y . ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : r e m o v e d e v _ d b g ( ) c a l l s f r o m h o t p a t h s ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : u s e g c c a l i g n e d a t t r i b u t e i n s t e a d o f m a n u a l l y p a d d i n g s t r u c t s ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : c h a n g e d o o r b e l l r e s e t d e l a y t o t e n s e c o n d s ( J u s t i n L i n d l e y ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : a l l o w p a s s t h r u i o c t l s t o w o r k w i t h b i d i r e c t i o n a l c o m m a n d s ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : r e m o v e u n u s e d f i e l d s f r o m s t r u c t c t l r _ i n f o ( S t e p h e n M . C a m e r o n ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : f i x b a d c o m p a r i s o n o f s i g n e d w i t h u n s i g n e d i n h p s a _ u p d a t e _ s c s i _ d e v i c e s ( J o e H a n d z i k ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : d o n o t i g n o r e f a i l u r e o f s e n s e c o n t r o l l e r p a r a m e t e r s c o m m a n d ( J o e H a n d z i k ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : f i x m e m o r y l e a k i n h p s a _ h b a _ m o d e _ e n a b l e d ( J o e H a n d z i k ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : C h e c k i n g f o r a N U L L r e t u r n f r o m a k z a l l o c c a l l ( J o e H a n d z i k ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : u n n e c e s s a r y t y p e c o n v e r s i o n f o r p h y s d e v _ l i s t ( V a u g h a n C a o ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : d e t e c t _ c o n t r o l l e r _ l o c k u p d o n ' t n e e d r e t u r n v a l u e ( V a u g h a n C a o ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - h p s a : f i x u p M S I - X r e g i s t r a t i o n ( H a n n e s R e i n e c k e ) [ O r a b u g : 1 9 1 3 7 8 2 1 ] b r > - x e n / m i c r o c o d e : U s e d u m m y m i c r o c o d e _ o p s f o r n o n i n i t i a l d o m a i n g u e s t ( Z h e n z h o n g D u a n ) [ O r a b u g : 1 9 0 5 3 6 2 6 ] b r > - h y p e r v : C h a n g e t h e r e c e i v e b u f f e r s i z e f o r l e g a c y h o s t s ( H a i y a n g Z h a n g ) [ O r a b u g : 1 9 0 5 0 4 9 6 ] b r > - b e 2 n e t : f i x q n q m o d e d e t e c t i o n o n V F s ( S u r e s h R e d d y ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : c l e a n u p M C C a s y n c e v e n t p r o c e s s i n g c o d e ( S a t h y a P e r l a ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : m o v e a s y n c c m d p r o c e s s i n g t o a s e p a r a t e r o u t i n e ( S a t h y a P e r l a ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : r e - f a c t o r M C C Q e r r o r s t a t u s h a n d l i n g c o d e ( K a l e s h A P ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : s u p p o r t f l a s h i n g n e w r e g i o n s o n S k y h a w k - R ( V a s u n d h a r a V o l a m ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : s k i p m u l t i c a s t p r o m i s c u o s s e t t i n g i n a l r e a d y s e t ( K a l e s h A P ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : e n a b l e i n t e r r u p t s i n E E H r e s u m e ( K a l e s h A P ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - n e t : g e t r i d o f S E T _ E T H T O O L _ O P S ( W i l f r i e d K l a e b e ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : u s e M C C Q i n s t e a d o f M B O X i n b e _ c m d _ r s s _ c o n f i g ( ) ( K a l e s h A P ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : i n c l u d e r x - c o m p l e r r o r c o u n t e r i n e t h t o o l s t a t s ( K a l e s h A P ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : r e m o v e u n u s e d c o d e i n b e _ c m d _ v l a n _ c o n f i g ( ) ( K a l e s h A P ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : c o v e r t v l a n a r r a y t o b i t - m a p ( R a v i k u m a r N e l a v e l l i ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : f i x l i n e w r a p a n d f u n c t i o n c a l l i n d e n t a t i o n i n b e _ e t h t o o l . c ( S a t h y a P e r l a ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : f i x f u n c t i o n c a l l i n d e n t a t i o n i n b e _ c m d s . c ( S a t h y a P e r l a ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : f i x l i n e w r a p a n d f u n c t i o n c a l l i n d e n t a t i o n i n b e _ m a i n . c ( S a t h y a P e r l a ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : F i x i n v o c a t i o n o f b e _ c l o s e ( ) a f t e r b e _ c l e a r ( ) ( K a l e s h A P ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - b e 2 n e t : F i x t o r e a p T X c o m p l s t i l l H W d o e s n ' t r e s p o n d f o r s o m e t i m e ( V a s u n d h a r a V o l a m ) [ O r a b u g : 1 9 0 0 6 4 5 5 ] b r > - s e l i n u x : c o r r e c t l y l a b e l / p r o c i n o d e s i n u s e b e f o r e t h e p o l i c y i s l o a d e d ( P a u l M o o r e ) [ O r a b u g : 1 8 8 2 3 6 2 1 ] b r > - m m , h u g e t l b : i m p r o v e p a g e - f a u l t s c a l a b i l i t y ( D a v i d l o h r B u e s o ) [ O r a b u g : 1 8 7 5 7 2 5 6 ] b r > - c o n f i g : b u i l d T P M H W R a n d o m N u m b e r G e n e r a t o r a s m o d u l e ( G u a n g y u S u n ) [ O r a b u g : 1 8 5 0 2 0 2 4 ] b r > - c p u f r e q : D r o p r w s e m l o c k a r o u n d C P U F R E Q _ G O V _ P O L I C Y _ E X I T ( V i r e s h K u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : P r e s e r v e s y s f s f i l e s a c r o s s s u s p e n d / r e s u m e ( S r i v a t s a S . B h a t ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q , o n d e m a n d : R e m o v e l e f t o v e r d e b u g l i n e ( B o r i s l a v P e t k o v ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : I s s u e C P U F R E Q _ G O V _ P O L I C Y _ E X I T n o t i f i e r b e f o r e d r o p p i n g p o l i c y r e f c o u n t ( V i r e s h K u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : g o v e r n o r s : F i x C P U F R E Q _ G O V _ P O L I C Y _ { I N I T | E X I T } n o t i f i e r s ( V i r e s h K u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : R e v e r t i n c o r r e c t c o m m i t 5 8 0 0 0 4 3 ( R a f a e l J . W y s o c k i ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : D o n ' t c a l l _ _ c p u f r e q _ g o v e r n o r ( ) f o r d r i v e r s w i t h o u t t a r g e t ( ) ( V i r e s h K u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : c o n v e r t c p u f r e q _ d r i v e r t o u s i n g R C U ( N a t h a n Z i m m e r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : C a l l _ _ c p u f r e q _ g o v e r n o r ( ) w i t h c o r r e c t p o l i c y - > c p u s m a s k ( V i r e s h K u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : C o r r e c t h e a d e r g u a r d s t y p o ( B o r i s l a v P e t k o v ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : F i x u n s i g n e d v a r i a b l e b e i n g c h e c k e d f o r n e g a t i v e v a l u e ( j h b i r d . c h o i @ s a m s u n g . c o m ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : c o n s e r v a t i v e : F i x t h e l o g i c i n f r e q u e n c y d e c r e a s e c h e c k i n g ( S t r a t o s K a r a f o t i s ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : c o n s e r v a t i v e : F i x s a m p l i n g _ d o w n _ f a c t o r f u n c t i o n a l i t y ( S t r a t o s K a r a f o t i s ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : g o v e r n o r s : C a l c u l a t e i o w a i t t i m e o n l y w h e n n e c e s s a r y ( S t r a t o s K a r a f o t i s ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : c o n s e r v a t i v e : F i x r e l a t i o n w h e n d e c r e a s i n g f r e q u e n c y ( N a m h y u n g K i m ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : c o n s e r v a t i v e : B r e a k o u t e a r l i e r o n t h e l o w e s t f r e q u e n c y ( N a m h y u n g K i m ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : g o v e r n o r s : A v o i d u n n e c e s s a r y p e r c p u t i m e r i n t e r r u p t s ( V i r e s h K u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : o n d e m a n d : D o n ' t u p d a t e s a m p l e _ t y p e i f w e d o n ' t e v a l u a t e l o a d a g a i n ( V i r e s h K u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : g o v e r n o r : S e t M I N _ L A T E N C Y _ M U L T I P L I E R t o 2 0 ( V i r e s h K u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : g o v e r n o r : I m p l e m e n t p e r p o l i c y i n s t a n c e s o f g o v e r n o r s ( V i r e s h K u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : A d d p e r p o l i c y g o v e r n o r - i n i t / e x i t i n f r a s t r u c t u r e ( V i r e s h K u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : C o n v e r t t h e c p u f r e q _ d r i v e r _ l o c k t o a r w l o c k ( N a t h a n Z i m m e r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : a c p i - c p u f r e q : D o n ' t s e t p o l i c y - > r e l a t e d _ c p u s f r o m . i n i t ( ) ( V i r e s h K u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : s t a t s : d o c p u f r e q _ c p u _ p u t ( ) c o r r e s p o n d i n g t o c p u f r e q _ c p u _ g e t ( ) ( v i r e s h k u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q _ s t a t s : d o n o t r e m o v e s y s f s f i l e s i f f r e q u e n c y t a b l e i s n o t p r e s e n t ( D i r k B r a n d e w i e ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : D o n o t t r a c k g o v e r n o r n a m e f o r s c a l i n g d r i v e r s w i t h i n t e r n a l g o v e r n o r s . ( D i r k B r a n d e w i e ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : O n l y c a l l c p u f r e q _ o u t _ o f _ s y n c ( ) f o r d r i v e r t h a t i m p l e m e n t c p u f r e q _ d r i v e r . t a r g e t ( ) ( D i r k B r a n d e w i e ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : R e t r i e v e c u r r e n t f r e q u e n c y f r o m s c a l i n g d r i v e r s w i t h i n t e r n a l g o v e r n o r s ( D i r k B r a n d e w i e ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : F i x l o c k i n g i s s u e s ( V i r e s h K u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : C r e a t e a m a c r o f o r u n l o c k _ p o l i c y _ r w s e m { r e a d , w r i t e } ( V i r e s h K u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > - c p u f r e q : R e m o v e u n u s e d H O T P L U G _ C P U c o d e ( V i r e s h K u m a r ) [ O r a b u g : 1 8 4 6 4 1 6 9 ] b r > / p > \n \n \n b r > h 2 > R e l a t e d C V E s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 3 - 2 9 3 0 . h t m l \" > C V E - 2 0 1 3 - 2 9 3 0 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 3 - 4 5 7 9 . h t m l \" > C V E - 2 0 1 3 - 4 5 7 9 / a > / t d > / t r > t r > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / c v e / C V E - 2 0 1 4 - 1 6 9 0 . h t m l \" > C V E - 2 0 1 4 - 1 6 9 0 / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n b r > h 2 > U p d a t e d P a c k a g e s / h 2 > \n b r > t a b l e c e l l p a d d i n g = \" 2 \" c e l l s p a c i n g = \" 2 \" b o r d e r = \" 0 \" w i d t h = \" 1 0 0 % \" > t b o d y > \n t r s t y l e = \" c o l o r : # F F 0 0 0 0 ; \" > t d > b > R e l e a s e / A r c h i t e c t u r e / b > t d > b > F i l e n a m e / b > / t d > t d > b > M D 5 s u m / b > / t d > t d > b > S u p e r s e d e d B y A d v i s o r y / b > / t d > / t r > \n t r > t d c o l s p a n = \" 4 \" > / t d > / t r > t r > t d > O r a c l e L i n u x 6 ( x 8 6 _ 6 4 ) / t d > t d > d t r a c e - m o d u l e s - 3 . 8 . 1 3 - 4 4 . e l 6 u e k - 0 . 4 . 3 - 4 . e l 6 . s r c . r p m / t d > t d > 2 1 4 f b d f 2 b 8 1 7 d e 9 0 e f a 0 1 7 d 3 9 e 8 2 b 2 0 0 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - 3 . 8 . 1 3 - 4 4 . e l 6 u e k . s r c . r p m / t d > t d > b 4 c 0 4 5 f f b 9 8 d 6 e d 7 e b d 3 8 7 b 3 c b f f 9 c 2 f / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > d t r a c e - m o d u l e s - 3 . 8 . 1 3 - 4 4 . e l 6 u e k - 0 . 4 . 3 - 4 . e l 6 . x 8 6 _ 6 4 . r p m / t d > t d > b e c 5 2 0 6 f 8 4 4 e f 3 5 2 a e 0 1 a 4 5 7 c a 7 8 9 8 c e / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - 3 . 8 . 1 3 - 4 4 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > e f d 5 e 6 4 3 a 7 d 0 3 c 6 f c 1 0 2 4 3 8 8 f b b 8 9 6 e 3 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e b u g - 3 . 8 . 1 3 - 4 4 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 6 0 1 9 7 5 4 9 f 7 b e 7 e 6 4 d 8 d 9 8 4 b d 4 5 5 0 e 7 c 6 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e b u g - d e v e l - 3 . 8 . 1 3 - 4 4 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > a f 8 8 7 4 2 b a 8 8 8 b d e e b 3 c b d a e 3 6 9 d f 6 9 1 0 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e v e l - 3 . 8 . 1 3 - 4 4 . e l 6 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 0 6 d 4 7 5 b 4 5 a 9 0 4 6 2 b b b b 2 8 2 a 5 8 2 b e 0 e a f / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d o c - 3 . 8 . 1 3 - 4 4 . e l 6 u e k . n o a r c h . r p m / t d > t d > 7 4 1 f b 3 0 c 0 9 b c 9 1 c 1 8 2 1 c 7 6 8 9 0 3 7 b e f 7 8 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - f i r m w a r e - 3 . 8 . 1 3 - 4 4 . e l 6 u e k . n o a r c h . r p m / t d > t d > 1 1 7 c 0 0 0 3 8 8 8 6 3 5 7 9 f 7 c d c d f f 0 d f 4 0 7 5 5 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d c o l s p a n = \" 4 \" > / t d > / t r > t r > t d > O r a c l e L i n u x 7 ( x 8 6 _ 6 4 ) / t d > t d > d t r a c e - m o d u l e s - 3 . 8 . 1 3 - 4 4 . e l 7 u e k - 0 . 4 . 3 - 4 . e l 7 . s r c . r p m / t d > t d > a 5 e 0 f 0 3 6 a b d 0 c 1 9 5 1 8 2 6 5 5 0 a c a 9 a b 2 1 1 / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - 3 . 8 . 1 3 - 4 4 . e l 7 u e k . s r c . r p m / t d > t d > 2 7 6 2 1 5 b f a 3 f 4 4 a 8 5 c 2 4 7 0 5 1 d 4 9 d f b 7 7 2 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > d t r a c e - m o d u l e s - 3 . 8 . 1 3 - 4 4 . e l 7 u e k - 0 . 4 . 3 - 4 . e l 7 . x 8 6 _ 6 4 . r p m / t d > t d > 0 e 2 5 d 8 5 b 7 f 9 5 8 8 b 1 3 2 4 b 6 4 9 f f 6 8 7 6 8 6 b / t d > t d > a h r e f = # > - / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - 3 . 8 . 1 3 - 4 4 . e l 7 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 8 5 5 3 7 c 9 0 1 8 c d c 0 c 0 9 d 0 d d 4 1 0 a e 1 d 2 1 8 1 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e b u g - 3 . 8 . 1 3 - 4 4 . e l 7 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 6 b f b 3 4 c b e a 8 3 a e a 7 b 5 5 5 0 c 4 5 c 4 e 4 a 1 0 c / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e b u g - d e v e l - 3 . 8 . 1 3 - 4 4 . e l 7 u e k . x 8 6 _ 6 4 . r p m / t d > t d > 6 c 6 6 1 9 4 e 1 6 f b 4 5 2 f 2 0 9 2 7 9 9 3 2 3 9 f d a b b / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d e v e l - 3 . 8 . 1 3 - 4 4 . e l 7 u e k . x 8 6 _ 6 4 . r p m / t d > t d > d b 3 7 8 f 2 c 6 b c 5 6 6 3 0 4 c 5 6 b 1 3 8 8 a 5 0 a 1 6 5 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - d o c - 3 . 8 . 1 3 - 4 4 . e l 7 u e k . n o a r c h . r p m / t d > t d > e f d 7 4 1 e b 4 f 6 1 0 5 8 1 7 8 c 6 f e 3 9 6 6 0 3 3 d 3 1 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > t r > t d > / t d > t d > k e r n e l - u e k - f i r m w a r e - 3 . 8 . 1 3 - 4 4 . e l 7 u e k . n o a r c h . r p m / t d > t d > 5 a 4 b f 2 3 0 4 d 9 4 5 8 b 8 d 0 0 1 b f 8 0 1 6 9 a 8 8 4 8 / t d > t d > a h r e f = \" h t t p : / / l i n u x . o r a c l e . c o m / e r r a t a / E L S A - 2 0 1 7 - 3 6 0 5 . h t m l \" > E L S A - 2 0 1 7 - 3 6 0 5 / a > / t d > / t r > \n / t b o d y > / t a b l e > \n \n \n b r > b r > \n b r > p > \n T h i s p a g e i s g e n e r a t e d a u t o m a t i c a l l y a n d h a s n o t b e e n c h e c k e d f o r e r r o r s o r o m i s s i o n s . F o r c l a r i f i c a t i o n \n o r c o r r e c t i o n s p l e a s e c o n t a c t t h e a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / \" > O r a c l e L i n u x U L N t e a m / a > / p > \n \n \n \n / d i v > \n ! - - \n / d i v > \n - - > \n / d i v > \n / d i v > \n \n \n d i v i d = \" m c 1 6 \" c l a s s = \" m c 1 6 v 0 \" > \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > T e c h n i c a l i n f o r m a t i o n / h 2 > \n u l > \n l i > a h r e f = \" h t t p s : / / l i n u x . o r a c l e . c o m / h a r d w a r e - c e r t i f i c a t i o n s \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x C e r t i f i e d H a r d w a r e / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / l i b r a r y / e l s p - l i f e t i m e - 0 6 9 3 3 8 . p d f \" > O r a c l e L i n u x S u p p o r t e d R e l e a s e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 1 \" > \n h 2 > O r a c l e L i n u x S u p p o r t / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / t e c h n o l o g i e s / l i n u x / O r a c l e L i n u x S u p p o r t / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e L i n u x S u p p o r t / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / p r e m i e r / s e r v e r s - s t o r a g e / o v e r v i e w / i n d e x . h t m l \" t a r g e t = \" _ b l a n k \" > O r a c l e P r e m i e r S u p p o r t f o r S y s t e m s / a > / l i > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / s u p p o r t / a d v a n c e d - c u s t o m e r - s e r v i c e s / o v e r v i e w / \" > A d v a n c e d C u s t o m e r S e r v i c e s / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 2 \" > \n h 2 > C o n n e c t / h 2 > \n u l > \n l i c l a s s = \" f b i c o n \" > a h r e f = \" h t t p : / / w w w . f a c e b o o k . c o m / o r a c l e l i n u x \" t i t l e = \" F a c e b o o k \" n a m e = \" F a c e b o o k \" t a r g e t = \" _ b l a n k \" i d = \" F a c e b o o k \" > F a c e b o o k / a > / l i > \n l i c l a s s = \" t w i c o n \" > a h r e f = \" h t t p : / / w w w . t w i t t e r . c o m / O r a c l e L i n u x \" t i t l e = \" T w i t t e r \" n a m e = \" T w i t t e r \" t a r g e t = \" _ b l a n k \" i d = \" T w i t t e r \" > T w i t t e r / a > / l i > \n l i c l a s s = \" i n i c o n \" > a h r e f = \" h t t p : / / w w w . l i n k e d i n . c o m / g r o u p s ? g i d = 1 2 0 2 3 8 \" t i t l e = \" L i n k e d I n \" n a m e = \" L i n k e d I n \" t a r g e t = \" _ b l a n k \" i d = \" L i n k e d I n \" > L i n k e d I n / a > / l i > \n l i c l a s s = \" y t i c o n \" > a h r e f = \" h t t p : / / w w w . y o u t u b e . c o m / o r a c l e l i n u x c h a n n e l \" t i t l e = \" Y o u T u b e \" n a m e = \" Y o u T u b e \" t a r g e t = \" _ b l a n k \" i d = \" Y o u T u b e \" > Y o u T u b e / a > / l i > \n l i c l a s s = \" b l o g i c o n \" > a h r e f = \" h t t p : / / b l o g s . o r a c l e . c o m / l i n u x \" t i t l e = \" B l o g \" n a m e = \" B l o g \" > B l o g / a > / l i > \n / u l > \n / d i v > \n \n d i v c l a s s = \" m c 1 6 w 3 \" > \n h 2 > C o n t a c t U s / h 2 > \n u l > \n l i > a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / u s / c o r p o r a t e / c o n t a c t / g l o b a l - 0 7 0 5 1 1 . h t m l \" > G l o b a l c o n t a c t s / a > / l i > \n l i > O r a c l e 1 - 8 0 0 - 6 3 3 - 0 6 9 1 / l i > \n / u l > \n / d i v > \n / d i v > \n / d i v > \n \n d i v i d = \" m c 0 4 \" c l a s s = \" m c 0 4 v 1 \" > \n d i v c l a s s = \" m c 0 4 w 1 \" > \n a h r e f = \" h t t p : / / o r a c l e . c o m \" > i m g s r c = \" / / w w w . o r a c l e i m g . c o m / a s s e t s / m c 0 4 - f o o t e r - l o g o . p n g \" b o r d e r = \" 0 \" a l t = \" s o f t w a r e . h a r d w a r e . c o m p l e t e \" / > / a > \n / d i v > \n \n d i v c l a s s = \" m c 0 4 w 2 \" > \n a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / s u b s c r i b e / i n d e x . h t m l \" > S u b s c r i b e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / e m p l o y m e n t / i n d e x . h t m l \" > C a r e e r s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / c o r p o r a t e / c o n t a c t / i n d e x . h t m l \" > C o n t a c t U s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / c o p y r i g h t . h t m l \" > L e g a l N o t i c e s / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / t e r m s . h t m l \" > T e r m s o f U s e / a > | a h r e f = \" h t t p : / / w w w . o r a c l e . c o m / h t m l / p r i v a c y . h t m l \" > Y o u r P r i v a c y R i g h t s / a > \n / d i v > \n / d i v > \n / d i v > \n / b o d y > \n / h t m l > \n ", "published": "2014-08-22T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-3070.html", "cvelist": ["CVE-2014-4699", "CVE-2014-4943", "CVE-2014-3145", "CVE-2013-4579", "CVE-2014-3144", "CVE-2014-0181", "CVE-2013-2930", "CVE-2014-4667", "CVE-2014-1690"], "lastseen": "2018-04-04T13:10:02"}, {"id": "ELSA-2014-1023", "type": "oraclelinux", "title": "kernel security and bug fix update", "description": "[3.10.0-123.6.3]\r\n- Oracle Linux certificates (Alexey Petrenko)\r\n \n[3.10.0-123.6.3]\r\n- [net] l2tp_ppp: fail when socket option level is not SOL_PPPOL2TP (Petr Matousek) [1119465 1119466] {CVE-2014-4943}\r\n \n[3.10.0-123.6.2.el7]\r\n- [s390] ptrace: correct insufficient sanitization when setting psw mask (Hendrik Brueckner) [1114090 1113673]\r\n \n[3.10.0-123.6.1.el7]\r\n- [x86] ptrace: force IRET path after a ptrace_stop() (Oleg Nesterov) [1115934 1115935] {CVE-2014-4699}\r\n \n[3.10.0-123.5.1.el7]\r\n- [net] ipv4/tunnels: fix an oops when using ipip/sit with IPsec (Jiri Pirko) [1114957 1108857]\r\n- [scsi] Add timeout to avoid infinite command retry (Ewan Milne) [1114468 1061871]\r\n- [net] filter: let bpf_tell_extensions return SKF_AD_MAX (Jiri Benc) [1114404 1079524]\r\n- [net] filter: introduce SO_BPF_EXTENSIONS (Jiri Benc) [1114404 1079524]\r\n- [net] sctp: Fix sk_ack_backlog wrap-around problem (Daniel Borkmann) [1113971 1112726] {CVE-2014-4667}\r\n- [tty] Set correct tty name in 'active' sysfs attribute (Denys Vlasenko) [1113467 1066403]\r\n- [powerpc] tm: Disable IRQ in tm_recheckpoint (Larry Woodman) [1113150 1088224]\r\n- [scsi] qla2xxx: Update version number to 8.06.00.08.07.0-k3 (Chad Dupuis) [1112389 1090378]\r\n- [scsi] qla2xxx: Reduce the time we wait for a command to complete during SCSI error handling (Chad Dupuis) [11123\r\n89 1090378]\r\n- [scsi] qla2xxx: Clear loop_id for ports that are marked lost during fabric scanning (Chad Dupuis) [1112389 109037\r\n8]\r\n- [scsi] qla2xxx: Avoid escalating the SCSI error handler if the command is not found in firmware (Chad Dupuis) [11\r\n12389 1090378]\r\n- [scsi] qla2xxx: Don't check for firmware hung during the reset context for ISP82XX (Chad Dupuis) [1112389 1090378\r\n]\r\n- [scsi] qla2xxx: Issue abort command for outstanding commands during cleanup when only firmware is alive (Chad Dup\r\nuis) [1112389 1090378]\r\n- [fs] nfs: Apply NFS_MOUNT_CMP_FLAGMASK to nfs_compare_remount_data() (Scott Mayhew) [1109407 1103805]\r\n- [ethernet] bnx2x: Fix kernel crash and data miscompare after EEH recovery (Michal Schmidt) [1107721 1101808]\r\n- [net] gro: restore frag0 optimization (and fix crash) (Michal Schmidt) [1099950 1069741]\r\n- [watchdog] hpwdt: display informative string (Nigel Croxon) [1096961 1074038]\r\n- [net] Use netlink_ns_capable to verify the permisions of netlink messages (Jiri Benc) [1094271 1094272] {CVE-2014\r\n-0181}\r\n- [net] netlink: Add variants of capable for use on netlink messages (Jiri Benc) [1094271 1094272] {CVE-2014-0181}\r\n- [net] diag: Move the permission check in sock_diag_put_filterinfo to packet_diag_dump (Jiri Benc) [1094271 109427\r\n2] {CVE-2014-0181}\r\n- [net] netlink: Rename netlink_capable netlink_allowed (Jiri Benc) [1094271 1094272] {CVE-2014-0181}\r\n- [net] diag: Fix ns_capable check in sock_diag_put_filterinfo (Jiri Benc) [1094271 1094272] {CVE-2014-0181}\r\n- [net] netlink: Fix permission check in netlink_connect() (Jiri Benc) [1094271 1094272] {CVE-2014-0181}\r\n- [kernel] cputime: Fix jiffies based cputime assumption on steal accounting (Frederic Weisbecker) [1090974 1047732\r\n]\r\n- [kernel] cputime: Bring cputime -> nsecs conversion (Frederic Weisbecker) [1090974 1047732]\r\n- [kernel] cputime: Default implementation of nsecs -> cputime conversion (Frederic Weisbecker) [1090974 1047732]\r\n- [net] mac80211: fix crash due to AP powersave TX vs. wakeup race (Jacob Tanenbaum) [1083533 1083534] {CVE-2014-27\r\n06}\r\n- [wireless] ath9k: tid->sched race in ath_tx_aggr_sleep() (Jacob Tanenbaum) [1083251 1083252] {CVE-2014-2672}\r\n- [powerpc] tm: Fix crash when forking inside a transaction (Radomir Vrbovsky) [1083214 1083215] {CVE-2014-2673}\r\n- [fs] aio: fix plug memory disclosure and fix reqs_active accounting backport (Jeff Moyer) [1094604 1094605] {CVE-\r\n2014-0206}\r\n- [fs] aio: plug memory disclosure and fix reqs_active accounting (Mateusz Guzik) [1094604 1094605] {CVE-2014-0206}\r", "published": "2014-08-06T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2014-1023.html", "cvelist": ["CVE-2014-2672", "CVE-2014-4699", "CVE-2014-4943", "CVE-2014-0206", "CVE-2014-3534", "CVE-2014-2673", "CVE-2014-0181", "CVE-2014-4667", "CVE-2014-2706"], "lastseen": "2016-09-04T11:16:05"}], "redhat": [{"id": "RHSA-2014:0923", "type": "redhat", "title": "(RHSA-2014:0923) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's ptrace subsystem allowed a traced\nprocess' instruction pointer to be set to a non-canonical memory address\nwithout forcing the non-sysret code path when returning to user space.\nA local, unprivileged user could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-4699,\nImportant)\n\nNote: The CVE-2014-4699 issue only affected systems using an Intel CPU.\n\n* A flaw was found in the way the pppol2tp_setsockopt() and\npppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP\nimplementation handled requests with a non-SOL_PPPOL2TP socket option\nlevel. A local, unprivileged user could use this flaw to escalate their\nprivileges on the system. (CVE-2014-4943, Important)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699,\nand Sasha Levin for reporting CVE-2014-4943.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2014-07-23T04:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0923", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2018-04-15T16:21:12"}, {"id": "RHSA-2014:0925", "type": "redhat", "title": "(RHSA-2014:0925) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's ptrace subsystem allowed a traced\nprocess' instruction pointer to be set to a non-canonical memory address\nwithout forcing the non-sysret code path when returning to user space.\nA local, unprivileged user could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-4699,\nImportant)\n\nNote: The CVE-2014-4699 issue only affected systems using an Intel CPU.\n\n* A flaw was found in the way the pppol2tp_setsockopt() and\npppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP\nimplementation handled requests with a non-SOL_PPPOL2TP socket option\nlevel. A local, unprivileged user could use this flaw to escalate their\nprivileges on the system. (CVE-2014-4943, Important)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699,\nand Sasha Levin for reporting CVE-2014-4943.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2014-07-23T04:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0925", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2016-09-04T11:18:00"}, {"id": "RHSA-2014:0924", "type": "redhat", "title": "(RHSA-2014:0924) Important: kernel security update", "description": "The kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's ptrace subsystem allowed a traced\nprocess' instruction pointer to be set to a non-canonical memory address\nwithout forcing the non-sysret code path when returning to user space.\nA local, unprivileged user could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-4699,\nImportant)\n\nNote: The CVE-2014-4699 issue only affected systems using an Intel CPU.\n\n* A flaw was found in the way the pppol2tp_setsockopt() and\npppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP\nimplementation handled requests with a non-SOL_PPPOL2TP socket option\nlevel. A local, unprivileged user could use this flaw to escalate their\nprivileges on the system. (CVE-2014-4943, Important)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699,\nand Sasha Levin for reporting CVE-2014-4943.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n", "published": "2014-07-23T04:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0924", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-03-05T13:18:42"}, {"id": "RHSA-2014:0979", "type": "redhat", "title": "(RHSA-2014:0979) Moderate: rhev-hypervisor6 security and bug fix update", "description": "The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization\nHypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor\nis a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes\neverything necessary to run and manage virtual machines: a subset of the\nRed Hat Enterprise Linux operating environment and the Red Hat Enterprise\nVirtualization Agent.\n\nNote: Red Hat Enterprise Virtualization Hypervisor is only available for\nthe Intel 64 and AMD64 architectures with virtualization extensions.\n\nIt was found that NSS accepted weak Diffie-Hellman Key exchange (DHKE)\nparameters. This could possibly lead to weak encryption being used in\ncommunication between the client and the server. (CVE-2014-1491)\n\nRed Hat would like to thank the Mozilla project for reporting the\nCVE-2014-1491 issue. Upstream acknowledges Antoine Delignat-Lavaud and\nKarthikeyan Bhargavan as the original reporters of CVE-2014-1491.\n\nThis update includes changes to the rhev-hypervisor component:\n\n* The most recent build of rhev-hypervisor is included in version 3.4.1.\n(BZ#1118298)\n\nThis updated package also provides updated components that include fixes\nfor various security issues. These issues have no security impact on Red\nHat Enterprise Virtualization Hypervisor itself, however. The security\nfixes included in this update address the following CVE numbers:\n\nCVE-2014-4699 and CVE-2014-4943 (kernel issues)\n\nCVE-2014-4607 (lzo issue)\n\nCVE-2013-1740, CVE-2014-1490, CVE-2014-1492, CVE-2014-1545, and\nCVE-2014-1544 (nss and nspr issues)\n\nUsers of the Red Hat Enterprise Virtualization Hypervisor are advised to\nupgrade to this updated package.\n", "published": "2014-07-29T04:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2014:0979", "cvelist": ["CVE-2014-4699", "CVE-2014-4943", "CVE-2013-1740", "CVE-2014-1545", "CVE-2014-1492", "CVE-2014-4607", "CVE-2014-1490", "CVE-2014-1544", "CVE-2014-1491"], "lastseen": "2017-03-10T07:18:35"}], "centos": [{"id": "CESA-2014:0923", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:0923\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's ptrace subsystem allowed a traced\nprocess' instruction pointer to be set to a non-canonical memory address\nwithout forcing the non-sysret code path when returning to user space.\nA local, unprivileged user could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-4699,\nImportant)\n\nNote: The CVE-2014-4699 issue only affected systems using an Intel CPU.\n\n* A flaw was found in the way the pppol2tp_setsockopt() and\npppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP\nimplementation handled requests with a non-SOL_PPPOL2TP socket option\nlevel. A local, unprivileged user could use this flaw to escalate their\nprivileges on the system. (CVE-2014-4943, Important)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699,\nand Sasha Levin for reporting CVE-2014-4943.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-July/020446.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-headers\nkernel-tools\nkernel-tools-libs\nkernel-tools-libs-devel\nperf\npython-perf\n\n**Upstream details at:**\n", "published": "2014-07-25T13:22:28", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-July/020446.html", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-10-03T18:25:09"}, {"id": "CESA-2014:0924", "type": "centos", "title": "kernel, perf, python security update", "description": "**CentOS Errata and Security Advisory** CESA-2014:0924\n\n\nThe kernel packages contain the Linux kernel, the core of any Linux\noperating system.\n\n* It was found that the Linux kernel's ptrace subsystem allowed a traced\nprocess' instruction pointer to be set to a non-canonical memory address\nwithout forcing the non-sysret code path when returning to user space.\nA local, unprivileged user could use this flaw to crash the system or,\npotentially, escalate their privileges on the system. (CVE-2014-4699,\nImportant)\n\nNote: The CVE-2014-4699 issue only affected systems using an Intel CPU.\n\n* A flaw was found in the way the pppol2tp_setsockopt() and\npppol2tp_getsockopt() functions in the Linux kernel's PPP over L2TP\nimplementation handled requests with a non-SOL_PPPOL2TP socket option\nlevel. A local, unprivileged user could use this flaw to escalate their\nprivileges on the system. (CVE-2014-4943, Important)\n\nRed Hat would like to thank Andy Lutomirski for reporting CVE-2014-4699,\nand Sasha Levin for reporting CVE-2014-4943.\n\nAll kernel users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues. The system must be\nrebooted for this update to take effect.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2014-July/020444.html\n\n**Affected packages:**\nkernel\nkernel-abi-whitelists\nkernel-debug\nkernel-debug-devel\nkernel-devel\nkernel-doc\nkernel-firmware\nkernel-headers\nperf\npython-perf\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2014-0924.html", "published": "2014-07-25T12:19:52", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2014-July/020444.html", "cvelist": ["CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2017-10-03T18:25:17"}], "ubuntu": [{"id": "USN-2281-1", "type": "ubuntu", "title": "Linux kernel (EC2) vulnerabilities", "description": "Sasha Levin reported a flaw in the Linux kernel\u2019s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943)\n\nAn flaw was discovered in the Linux kernel\u2019s audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). (CVE-2014-3917)", "published": "2014-07-16T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2281-1/", "cvelist": ["CVE-2014-4943", "CVE-2014-3917"], "lastseen": "2018-03-29T18:20:08"}, {"id": "USN-2283-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "Sasha Levin reported a flaw in the Linux kernel\u2019s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943)\n\nMichael S. Tsirkin discovered an information leak in the Linux kernel\u2019s segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. (CVE-2014-0131)", "published": "2014-07-16T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2283-1/", "cvelist": ["CVE-2014-0131", "CVE-2014-4943"], "lastseen": "2018-03-29T18:19:24"}, {"id": "USN-2282-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "Sasha Levin reported a flaw in the Linux kernel\u2019s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943)\n\nAn flaw was discovered in the Linux kernel\u2019s audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). (CVE-2014-3917)", "published": "2014-07-16T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2282-1/", "cvelist": ["CVE-2014-4943", "CVE-2014-3917"], "lastseen": "2018-03-29T18:18:13"}, {"id": "USN-2284-1", "type": "ubuntu", "title": "Linux kernel (OMAP4) vulnerabilities", "description": "Sasha Levin reported a flaw in the Linux kernel\u2019s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943)\n\nAndy Lutomirski discovered a flaw with the Linux kernel\u2019s ptrace syscall on x86_64 processors. An attacker could exploit this flaw to cause a denial of service (System Crash) or potential gain administrative privileges. (CVE-2014-4699)\n\nMichael S. Tsirkin discovered an information leak in the Linux kernel\u2019s segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. (CVE-2014-0131)", "published": "2014-07-16T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2284-1/", "cvelist": ["CVE-2014-0131", "CVE-2014-4699", "CVE-2014-4943"], "lastseen": "2018-03-29T18:17:14"}, {"id": "USN-2287-1", "type": "ubuntu", "title": "Linux kernel (Saucy HWE) vulnerabilities", "description": "Sasha Levin reported a flaw in the Linux kernel\u2019s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943)\n\nMichael S. Tsirkin discovered an information leak in the Linux kernel\u2019s segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. (CVE-2014-0131)\n\nAn flaw was discovered in the Linux kernel\u2019s audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). (CVE-2014-3917)\n\nA flaw was discovered in the Linux kernel\u2019s implementation of user namespaces with respect to inode permissions. A local user could exploit this flaw by creating a user namespace to gain administrative privileges. (CVE-2014-4014)\n\nDon Bailey and Ludvig Strigeus discovered an integer overflow in the Linux kernel\u2019s implementation of the LZ4 decompression algorithm, when used by code not complying with API limitations. An attacker could exploit this flaw to cause a denial of service (memory corruption) or possibly other unspecified impact. (CVE-2014-4611)", "published": "2014-07-17T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2287-1/", "cvelist": ["CVE-2014-0131", "CVE-2014-4943", "CVE-2014-4014", "CVE-2014-3917", "CVE-2014-4611"], "lastseen": "2018-03-29T18:21:18"}, {"id": "USN-2285-1", "type": "ubuntu", "title": "Linux kernel (Quantal HWE) vulnerabilities", "description": "Sasha Levin reported a flaw in the Linux kernel\u2019s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943)\n\nMichael S. Tsirkin discovered an information leak in the Linux kernel\u2019s segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. (CVE-2014-0131)\n\nSalva Peir\u00c3\u00b3 discovered an information leak in the Linux kernel\u2019s media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1739)\n\nAn flaw was discovered in the Linux kernel\u2019s audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). (CVE-2014-3917)\n\nA flaw was discovered in the Linux kernel\u2019s implementation of user namespaces with respect to inode permissions. A local user could exploit this flaw by creating a user namespace to gain administrative privileges. (CVE-2014-4014)\n\nAn information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. A local user could exploit this flaw to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. (CVE-2014-4027)", "published": "2014-07-17T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2285-1/", "cvelist": ["CVE-2014-0131", "CVE-2014-1739", "CVE-2014-4943", "CVE-2014-4014", "CVE-2014-3917", "CVE-2014-4027"], "lastseen": "2018-03-29T18:18:09"}, {"id": "USN-2289-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "Sasha Levin reported a flaw in the Linux kernel\u2019s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943)\n\nMichael S. Tsirkin discovered an information leak in the Linux kernel\u2019s segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. (CVE-2014-0131)\n\nAn flaw was discovered in the Linux kernel\u2019s audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). (CVE-2014-3917)\n\nA flaw was discovered in the Linux kernel\u2019s implementation of user namespaces with respect to inode permissions. A local user could exploit this flaw by creating a user namespace to gain administrative privileges. (CVE-2014-4014)\n\nDon Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (CVE-2014-4608)\n\nDon Bailey and Ludvig Strigeus discovered an integer overflow in the Linux kernel\u2019s implementation of the LZ4 decompression algorithm, when used by code not complying with API limitations. An attacker could exploit this flaw to cause a denial of service (memory corruption) or possibly other unspecified impact. (CVE-2014-4611)", "published": "2014-07-17T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2289-1/", "cvelist": ["CVE-2014-0131", "CVE-2014-4943", "CVE-2014-4014", "CVE-2014-3917", "CVE-2014-4608", "CVE-2014-4611"], "lastseen": "2018-03-29T18:20:43"}, {"id": "USN-2290-1", "type": "ubuntu", "title": "Linux kernel vulnerabilities", "description": "Sasha Levin reported a flaw in the Linux kernel\u2019s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943)\n\nSalva Peir\u00f3 discovered an information leak in the Linux kernel\u2019s media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1739)\n\nA bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. (CVE-2014-3144)\n\nA remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. (CVE-2014-3145)\n\nA flaw was discovered in the Linux kernel\u2019s handling of hugetlb entries. A local user could exploit this flaw to cause a denial service (memory corruption or system crash). (CVE-2014-3940)\n\nDon Bailey and Ludvig Strigeus discovered an integer overflow in the Linux kernel\u2019s implementation of the LZ4 decompression algorithm, when used by code not complying with API limitations. An attacker could exploit this flaw to cause a denial of service (memory corruption) or possibly other unspecified impact. (CVE-2014-4611)\n\nTuomas R\u00e4s\u00e4nen reported the Linux kernel on certain Intel processors does not properly initialize random seeds for network operations, causing TCP sequence numbers, TCP and UDP port numbers and IP ID values to be predictable. A remote attacker could exploit this flaw to spoof or disrupt IP communication. (CVE-2014-7284)", "published": "2014-07-17T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2290-1/", "cvelist": ["CVE-2014-3940", "CVE-2014-7284", "CVE-2014-1739", "CVE-2014-4943", "CVE-2014-3145", "CVE-2014-3144", "CVE-2014-4611"], "lastseen": "2018-03-29T18:20:32"}, {"id": "USN-2288-1", "type": "ubuntu", "title": "Linux kernel (Trusty HWE) vulnerabilities", "description": "Sasha Levin reported a flaw in the Linux kernel\u2019s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943)\n\nSalva Peir\u00f3 discovered an information leak in the Linux kernel\u2019s media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1739)\n\nA bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. (CVE-2014-3144)\n\nA remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. (CVE-2014-3145)\n\nA flaw was discovered in the Linux kernel\u2019s handling of hugetlb entries. A local user could exploit this flaw to cause a denial service (memory corruption or system crash). (CVE-2014-3940)\n\nDon Bailey and Ludvig Strigeus discovered an integer overflow in the Linux kernel\u2019s implementation of the LZ4 decompression algorithm, when used by code not complying with API limitations. An attacker could exploit this flaw to cause a denial of service (memory corruption) or possibly other unspecified impact. (CVE-2014-4611)\n\nTuomas R\u00e4s\u00e4nen reported the Linux kernel on certain Intel processors does not properly initialize random seeds for network operations, causing TCP sequence numbers, TCP and UDP port numbers and IP ID values to be predictable. A remote attacker could exploit this flaw to spoof or disrupt IP communication. (CVE-2014-7284)", "published": "2014-07-17T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2288-1/", "cvelist": ["CVE-2014-3940", "CVE-2014-7284", "CVE-2014-1739", "CVE-2014-4943", "CVE-2014-3145", "CVE-2014-3144", "CVE-2014-4611"], "lastseen": "2018-03-29T18:19:36"}, {"id": "USN-2286-1", "type": "ubuntu", "title": "Linux kernel (Raring HWE) vulnerabilities", "description": "Sasha Levin reported a flaw in the Linux kernel\u2019s point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). A local user could exploit this flaw to gain administrative privileges. (CVE-2014-4943)\n\nMichael S. Tsirkin discovered an information leak in the Linux kernel\u2019s segmentation of skbs when using the zerocopy feature of vhost-net. A local attacker could exploit this flaw to gain potentially sensitive information from kernel memory. (CVE-2014-0131)\n\nSalva Peir\u00c3\u00b3 discovered an information leak in the Linux kernel\u2019s media- device driver. A local attacker could exploit this flaw to obtain sensitive information from kernel memory. (CVE-2014-1739)\n\nA bounds check error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. (CVE-2014-3144)\n\nA remainder calculation error was discovered in the socket filter subsystem of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash) via crafted BPF instructions. (CVE-2014-3145)\n\nAn flaw was discovered in the Linux kernel\u2019s audit subsystem when auditing certain syscalls. A local attacker could exploit this flaw to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS). (CVE-2014-3917)\n\nA flaw was discovered in the Linux kernel\u2019s implementation of user namespaces with respect to inode permissions. A local user could exploit this flaw by creating a user namespace to gain administrative privileges. (CVE-2014-4014)\n\nDon Bailey discovered a flaw in the LZO decompress algorithm used by the Linux kernel. An attacker could exploit this flaw to cause a denial of service (memory corruption or OOPS). (CVE-2014-4608)", "published": "2014-07-17T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/2286-1/", "cvelist": ["CVE-2014-0131", "CVE-2014-1739", "CVE-2014-4943", "CVE-2014-3145", "CVE-2014-4014", "CVE-2014-3917", "CVE-2014-3144", "CVE-2014-4608"], "lastseen": "2018-03-29T18:17:20"}], "debian": [{"id": "DSA-2992", "type": "debian", "title": "linux -- security update", "description": "Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service or privilege escalation:\n\n * [CVE-2014-3534](<https://security-tracker.debian.org/tracker/CVE-2014-3534>)\n\nMartin Schwidefsky of IBM discovered that the ptrace subsystem does not properly sanitize the psw mask value. On s390 systems, an unprivileged local user could use this flaw to set address space control bits to kernel space combination and thus gain read/write access to kernel memory.\n\n * [CVE-2014-4667](<https://security-tracker.debian.org/tracker/CVE-2014-4667>)\n\nGopal Reddy Kodudula of Nokia Siemens Networks discovered that the sctp_association_free function does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.\n\n * [CVE-2014-4943](<https://security-tracker.debian.org/tracker/CVE-2014-4943>)\n\nSasha Levin discovered a flaw in the Linux kernel's point-to-point protocol (PPP) when used with the Layer Two Tunneling Protocol (L2TP). An unprivileged local user could use this flaw for privilege escalation.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 3.2.60-1+deb7u3.\n\nFor the unstable distribution (sid), these problems have been fixed in version 3.14.13-2.\n\nWe recommend that you upgrade your linux packages.", "published": "2014-07-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-2992", "cvelist": ["CVE-2014-4943", "CVE-2014-3534", "CVE-2014-4667"], "lastseen": "2018-05-07T00:55:14"}, {"id": "DLA-103", "type": "debian", "title": "linux-2.6 -- LTS security update", "description": "This security upload has been prepared in cooperation of the Debian Kernel, Security and LTS Teams and features the upstream stable release 2.6.32.64 (see <https://lkml.org/lkml/2014/11/23/181> for more information for that). It fixes the CVEs described below. \n\n**Note**: if you are using the openvz flavors, please consider three things: a.) we haven't got any feedback on them (while we have for all other flavors) b.) so do your test before deploying them and c.) once you have done so, please give feedback to debian-lts@lists.debian.org.\n\nIf you are not using openvz flavors, please still consider b+c :-)\n\n * [CVE-2012-6657](<https://security-tracker.debian.org/tracker/CVE-2012-6657>)\n\nFix the sock_setsockopt function to prevent local users from being able to cause a denial of service (system crash) attack.\n\n * [CVE-2013-0228](<https://security-tracker.debian.org/tracker/CVE-2013-0228>)\n\nFix a XEN priviledge escalation, which allowed guest OS users to gain guest OS priviledges.\n\n * [CVE-2013-7266](<https://security-tracker.debian.org/tracker/CVE-2013-7266>)\n\nFix the mISDN_sock_recvmsg function to prevent local users from obtaining sensitive information from kernel memory.\n\n * [CVE-2014-4157](<https://security-tracker.debian.org/tracker/CVE-2014-4157>)\n\nMIPS platform: prevent local users from bypassing intended PR_SET_SECCOMP restrictions.\n\n * [CVE-2014-4508](<https://security-tracker.debian.org/tracker/CVE-2014-4508>)\n\nPrevent local users from causing a denial of service (OOPS and system crash) when syscall auditing is enabled .\n\n * [CVE-2014-4653](<https://security-tracker.debian.org/tracker/CVE-2014-4653>)\n\n[CVE-2014-4654](<https://security-tracker.debian.org/tracker/CVE-2014-4654>) [CVE-2014-4655](<https://security-tracker.debian.org/tracker/CVE-2014-4655>)\n\nFix the ALSA control implementation to prevent local users from causing a denial of service attack and from obtaining sensitive information from kernel memory.\n\n * [CVE-2014-4943](<https://security-tracker.debian.org/tracker/CVE-2014-4943>)\n\nFix PPPoL2TP feature to prevent local users to from gaining privileges.\n\n * [CVE-2014-5077](<https://security-tracker.debian.org/tracker/CVE-2014-5077>)\n\nPrevent remote attackers from causing a denial of service attack involving SCTP.\n\n * [CVE-2014-5471](<https://security-tracker.debian.org/tracker/CVE-2014-5471>)\n\n[CVE-2014-5472](<https://security-tracker.debian.org/tracker/CVE-2014-5472>)\n\nFix the parse_rock_ridge_inode_internal function to prevent local users from causing a denial of service attack via a crafted iso9660 images.\n\n * [CVE-2014-9090](<https://security-tracker.debian.org/tracker/CVE-2014-9090>)\n\nFix the do_double_fault function to prevent local users from causing a denial of service (panic) attack.\n\nFor Debian 6 Squeeze, these issues have been fixed in linux-2.6 version 2.6.32-48squeeze9", "published": "2014-12-09T00:00:00", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://www.debian.org/security/2014/dla-103", "cvelist": ["CVE-2014-5077", "CVE-2013-0228", "CVE-2014-4157", "CVE-2014-4655", "CVE-2014-4508", "CVE-2014-4943", "CVE-2014-4653", "CVE-2013-7266", "CVE-2014-5472", "CVE-2014-4654", "CVE-2012-6657", "CVE-2014-5471"], "lastseen": "2016-09-02T12:57:25"}], "suse": [{"id": "SUSE-SU-2014:1319-1", "type": "suse", "title": "Security update for Linux kernel (important)", "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix\n various bugs and security issues.\n\n The following security bugs have been fixed:\n\n *\n\n CVE-2014-1739: The media_device_enum_entities function in\n drivers/media/media-device.c in the Linux kernel before 3.14.6 does not\n initialize a certain data structure, which allows local users to\n obtain sensitive information from kernel memory by leveraging\n /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call\n (bnc#882804).\n\n *\n\n CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does\n not properly implement the interaction between range notification and hole\n punching, which allows local users to cause a denial of service (i_mutex\n hold) by using the mmap system call to access a hole, as demonstrated by\n interfering with intended shmem activity by blocking completion of (1) an\n MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call\n (bnc#883518).\n\n *\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel\n through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled\n and the sep CPU feature flag is set, allows local users to cause a denial\n of service (OOPS and system crash) via an invalid syscall number, as\n demonstrated by number 1000 (bnc#883724).\n\n *\n\n CVE-2014-4667: The sctp_association_free function in\n net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly\n manage a certain backlog value, which allows remote attackers to cause a\n denial of service (socket outage) via a crafted SCTP packet (bnc#885422).\n\n *\n\n CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the\n Linux kernel through 3.15.6 allows local users to gain privileges by\n leveraging data-structure differences between an l2tp socket and an inet\n socket (bnc#887082).\n\n *\n\n CVE-2014-5077: The sctp_assoc_update function in\n net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP\n authentication is enabled, allows remote attackers to cause a denial of\n service (NULL pointer dereference and OOPS) by starting to establish an\n association between two endpoints immediately after an exchange of INIT\n and INIT ACK chunks to establish an earlier association between these\n endpoints in the opposite direction (bnc#889173).\n\n *\n\n CVE-2014-5471: Stack consumption vulnerability in the\n parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux\n kernel through 3.16.1 allows local users to cause a denial of service\n (uncontrolled recursion, and system crash or reboot) via a crafted iso9660\n image with a CL entry referring to a directory entry that has a CL entry.\n (bnc#892490)\n\n *\n\n CVE-2014-5472: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to\n cause a denial of service (unkillable mount process) via a crafted iso9660\n image with a self-referential CL entry. (bnc#892490)\n\n *\n\n CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux\n kernel before 3.13.7 allows remote attackers to cause a denial of service\n (system crash) via network traffic that improperly interacts with the\n WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and\n tx.c. (bnc#871797)\n\n *\n\n CVE-2014-4027: The rd_build_device_space function in\n drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not\n properly initialize a certain data structure, which allows local users to\n obtain sensitive information from ramdisk_mcp memory by leveraging access\n to a SCSI initiator. (bnc#882639)\n\n *\n\n CVE-2014-3153 The futex_requeue function in kernel/futex.c in the\n Linux kernel through 3.14.5 does not ensure that calls have two different\n futex addresses, which allows local users to gain privileges via a crafted\n FUTEX_REQUEUE command that facilitates unsafe waiter modification.\n (bnc#880892)\n\n *\n\n CVE-2014-6410: Avoid infinite loop when processing indirect ICBs\n (bnc#896689)\n\n The following non-security bugs have been fixed:\n\n * ACPI / PAD: call schedule() when need_resched() is true (bnc#866911).\n * ACPI: Fix bug when ACPI reset register is implemented in system\n memory (bnc#882900).\n * ACPI: Limit access to custom_method (bnc#884333).\n * ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746).\n * Add option to automatically enforce module signatures when in Secure\n Boot mode (bnc#884333).\n * Add secure_modules() call (bnc#884333).\n * Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344).\n * Backported new patches of Lock down functions for UEFI secure boot\n Also updated series.conf and removed old patches.\n * Btrfs: Return EXDEV for cross file system snapshot.\n * Btrfs: abort the transaction when we does not find our extent ref.\n * Btrfs: avoid warning bomb of btrfs_invalidate_inodes.\n * Btrfs: cancel scrub on transaction abortion.\n * Btrfs: correctly set profile flags on seqlock retry.\n * Btrfs: does not check nodes for extent items.\n * Btrfs: fix a possible deadlock between scrub and transaction\n committing.\n * Btrfs: fix corruption after write/fsync failure + fsync + log\n recovery (bnc#894200).\n * Btrfs: fix csum tree corruption, duplicate and outdated checksums\n (bnc#891619).\n * Btrfs: fix double free in find_lock_delalloc_range.\n * Btrfs: fix possible memory leak in btrfs_create_tree().\n * Btrfs: fix use of uninit "ret" in end_extent_writepage().\n * Btrfs: free delayed node outside of root->inode_lock (bnc#866864).\n * Btrfs: make DEV_INFO ioctl available to anyone.\n * Btrfs: make FS_INFO ioctl available to anyone.\n * Btrfs: make device scan less noisy.\n * Btrfs: make sure there are not any read requests before stopping\n workers.\n * Btrfs: more efficient io tree navigation on wait_extent_bit.\n * Btrfs: output warning instead of error when loading free space cache\n failed.\n * Btrfs: retrieve more info from FS_INFO ioctl.\n * Btrfs: return EPERM when deleting a default subvolume (bnc#869934).\n * Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol\n (bnc#866615).\n * Btrfs: use right type to get real comparison.\n * Btrfs: wake up @scrub_pause_wait as much as we can.\n * Btrfs: wake up transaction thread upon remount.\n * CacheFiles: Add missing retrieval completions (bnc#880344).\n * CacheFiles: Does not try to dump the index key if the cookie has\n been cleared (bnc#880344).\n * CacheFiles: Downgrade the requirements passed to the allocator\n (bnc#880344).\n * CacheFiles: Fix the marking of cached pages (bnc#880344).\n * CacheFiles: Implement invalidation (bnc#880344).\n * CacheFiles: Make some debugging statements conditional (bnc#880344).\n * Drivers: hv: util: Fix a bug in the KVP code (bnc#886840).\n * Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code\n (bnc#886840).\n * FS-Cache: Add transition to handle invalidate immediately after\n lookup (bnc#880344).\n * FS-Cache: Check that there are no read ops when cookie relinquished\n (bnc#880344).\n * FS-Cache: Clear remaining page count on retrieval cancellation\n (bnc#880344).\n * FS-Cache: Convert the object event ID #defines into an enum\n (bnc#880344).\n * FS-Cache: Does not sleep in page release if __GFP_FS is not set\n (bnc#880344).\n * FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344).\n * FS-Cache: Exclusive op submission can BUG if there is been an I/O\n error (bnc#880344).\n * FS-Cache: Fix __wait_on_atomic_t() to call the action func if the\n counter != 0 (bnc#880344).\n * FS-Cache: Fix object state machine to have separate work and wait\n states (bnc#880344).\n * FS-Cache: Fix operation state management and accounting (bnc#880344).\n * FS-Cache: Fix signal handling during waits (bnc#880344).\n * FS-Cache: Initialise the object event mask with the calculated mask\n (bnc#880344).\n * FS-Cache: Limit the number of I/O error reports for a cache\n (bnc#880344).\n * FS-Cache: Make cookie relinquishment wait for outstanding reads\n (bnc#880344).\n * FS-Cache: Mark cancellation of in-progress operation (bnc#880344).\n * FS-Cache: One of the write operation paths doeses not set the object\n state (bnc#880344).\n * FS-Cache: Provide proper invalidation (bnc#880344).\n * FS-Cache: Simplify cookie retention for fscache_objects, fixing oops\n (bnc#880344).\n * FS-Cache: The retrieval remaining-pages counter needs to be atomic_t\n (bnc#880344).\n * FS-Cache: Uninline fscache_object_init() (bnc#880344).\n * FS-Cache: Wrap checks on object state (bnc#880344).\n * HID: usbhid: add always-poll quirk (bnc#888607).\n * HID: usbhid: enable always-poll quirk for Elan Touchscreen\n (bnc#888607).\n * IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297).\n * Ignore "flags" change to event_constraint (bnc#876114).\n * Ignore data_src/weight changes to perf_sample_data (bnc#876114).\n * NFS: Allow more operations in an NFSv4.1 request (bnc#890513).\n * NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968).\n * NFS: Does not copy read delegation stateids in setattr (bnc#888968).\n * NFS: Does not use a delegation to open a file when returning that\n delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496)\n * NFS: Fixes for NFS RCU-walk support in line with code going upstream\n * NFS: Use FS-Cache invalidation (bnc#880344).\n * NFS: allow lockless access to access_cache (bnc#866130).\n * NFS: avoid mountpoint being displayed as " (deleted)" in\n /proc/mounts (bnc#888591).\n * NFS: nfs4_do_open should add negative results to the dcache\n (bnc#866130).\n * NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a\n page (bnc#880344).\n * NFS: nfs_open_revalidate: only evaluate parent if it will be used\n (bnc#866130).\n * NFS: prepare for RCU-walk support but pushing tests later in code\n (bnc#866130).\n * NFS: support RCU_WALK in nfs_permission() (bnc#866130).\n * NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130).\n * NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130).\n * NFSD: Does not hand out delegations for 30 seconds after recalling\n them (bnc#880370).\n * NFSv4 set open access operation call flag in nfs4_init_opendata_res\n (bnc#888968, bnc#892200, bnc#893596, bnc#893496).\n * NFSv4: Add a helper for encoding opaque data (bnc#888968).\n * NFSv4: Add a helper for encoding stateids (bnc#888968).\n * NFSv4: Add helpers for basic copying of stateids (bnc#888968).\n * NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968).\n * NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968).\n * NFSv4: Rename nfs4_copy_stateid() (bnc#888968).\n * NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an\n error (bnc#888968).\n * NFSv4: Simplify the struct nfs4_stateid (bnc#888968).\n * NFSv4: The stateid must remain the same for replayed RPC calls\n (bnc#888968).\n * NFSv4: nfs4_stateid_is_current should return "true" for an invalid\n stateid (bnc#888968).\n * One more fix for kABI breakage.\n * PCI: Lock down BAR access when module security is enabled\n (bnc#884333).\n * PCI: enable MPS "performance" setting to properly handle bridge MPS\n (bnc#883376).\n * PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441).\n * PM / Hibernate: Create a Radix-Tree to store memory bitmap\n (bnc#860441).\n * PM / Hibernate: Implement position keeping in radix tree\n (bnc#860441).\n * PM / Hibernate: Iterate over set bits instead of PFNs in\n swsusp_free() (bnc#860441).\n * PM / Hibernate: Remove the old memory-bitmap implementation\n (bnc#860441).\n * PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node\n (bnc#860441).\n * Restrict /dev/mem and /dev/kmem when module loading is restricted\n (bnc#884333).\n * Reuse existing "state" field to indicate PERF_X86_EVENT_PEBS_LDLAT\n (bnc#876114).\n * USB: handle LPM errors during device suspend correctly (bnc#849123).\n * Update kabi files to reflect fscache change (bnc#880344)\n * Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281)\n * VFS: Make more complete truncate operation available to CacheFiles\n (bnc#880344).\n * [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366,\n ltc#83367).\n * acpi: Ignore acpi_rsdp kernel parameter when module loading is\n restricted (bnc#884333).\n * af_iucv: correct cleanup if listen backlog is full (bnc#885262,\n LTC#111728).\n * asus-wmi: Restrict debugfs interface when module loading is\n restricted (bnc#884333).\n * autofs4: allow RCU-walk to walk through autofs4 (bnc#866130).\n * autofs4: avoid taking fs_lock during rcu-walk (bnc#866130).\n * autofs4: does not take spinlock when not needed in\n autofs4_lookup_expiring (bnc#866130).\n * autofs4: factor should_expire() out of autofs4_expire_indirect\n (bnc#866130).\n * autofs4: make "autofs4_can_expire" idempotent (bnc#866130).\n * autofs4: remove a redundant assignment (bnc#866130).\n * autofs: fix lockref lookup (bnc#888591).\n * be2net: add dma_mapping_error() check for dma_map_page()\n (bnc#881759).\n * block: add cond_resched() to potentially long running ioctl discard\n loop (bnc#884725).\n * block: fix race between request completion and timeout handling\n (bnc#881051).\n * cdc-ether: clean packet filter upon probe (bnc#876017).\n * cpuset: Fix memory allocator deadlock (bnc#876590).\n * crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs\n have them, but some are FIPS certified, with some kernel support.\n * crypto: fips - only panic on bad/missing crypto mod signatures\n (bnc#887503).\n * crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips\n mode (bnc#889451).\n * dasd: validate request size before building CCW/TCW (bnc#891087,\n LTC#114068).\n * dm mpath: fix race condition between multipath_dtr and pg_init_done\n (bnc#826486).\n * dm-mpath: fix panic on deleting sg device (bnc#870161).\n * drm/ast: AST2000 cannot be detected correctly (bnc#895983).\n * drm/ast: Actually load DP501 firmware when required (bnc#895608\n bnc#871134).\n * drm/ast: Add missing entry to dclk_table[].\n * drm/ast: Add reduced non reduced mode parsing for wide screen mode\n (bnc#892723).\n * drm/ast: initial DP501 support (v0.2) (bnc#871134).\n * drm/ast: open key before detect chips (bnc#895983).\n * drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304).\n * drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064).\n * drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init\n (bnc#869055).\n * drm/i915: create functions for the "unclaimed register" checks\n (bnc#869055).\n * drm/i915: use FPGA_DBG for the "unclaimed register" checks\n (bnc#869055).\n * drm/mgag200: Initialize data needed to map fbdev memory (bnc\n #806990).\n * e1000e: enable support for new device IDs (bnc#885509).\n * fs/fscache: remove spin_lock() from the condition in while()\n (bnc#880344).\n * hibernate: Disable in a signed modules environment (bnc#884333).\n * hugetlb: does not use ERR_PTR with VM_FAULT* values\n * ibmvscsi: Abort init sequence during error recovery (bnc#885382).\n * ibmvscsi: Add memory barriers for send / receive (bnc#885382).\n * inet: add a redirect generation id in inetpeer (bnc#860593).\n * inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593).\n * ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645).\n * kabi: hide bnc#860593 changes of struct inetpeer_addr_base\n (bnc#860593).\n * kernel: 3215 tty hang (bnc#891087, LTC#114562).\n * kernel: fix data corruption when reading /proc/sysinfo (bnc#891087,\n LTC#114480).\n * kernel: fix kernel oops with load of fpc register (bnc#889061,\n LTC#113596).\n * kernel: sclp console tty reference counting (bnc#891087, LTC#115466).\n * kexec: Disable at runtime if the kernel enforces module loading\n restrictions (bnc#884333).\n * md/raid6: avoid data corruption during recovery of double-degraded\n RAID6.\n * memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim\n fix).\n * memcg: do not expose uninitialized mem_cgroup_per_node to world\n (bnc#883096).\n * mm, hugetlb: add VM_NORESERVE check in vma_has_reserves()\n * mm, hugetlb: change variable name reservations to resv\n * mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache\n * mm, hugetlb: defer freeing pages when gathering surplus pages\n * mm, hugetlb: do not use a page in page cache for cow optimization\n * mm, hugetlb: fix and clean-up node iteration code to alloc or free\n * mm, hugetlb: fix race in region tracking\n * mm, hugetlb: fix subpool accounting handling\n * mm, hugetlb: improve page-fault scalability\n * mm, hugetlb: improve, cleanup resv_map parameters\n * mm, hugetlb: move up the code which check availability of free huge\n page\n * mm, hugetlb: protect reserved pages when soft offlining a hugepage\n * mm, hugetlb: remove decrement_hugepage_resv_vma()\n * mm, hugetlb: remove redundant list_empty check in\n gather_surplus_pages()\n * mm, hugetlb: remove resv_map_put\n * mm, hugetlb: remove useless check about mapping type\n * mm, hugetlb: return a reserved page to a reserved pool if failed\n * mm, hugetlb: trivial commenting fix\n * mm, hugetlb: unify region structure handling\n * mm, hugetlb: unify region structure handling kabi\n * mm, hugetlb: use long vars instead of int in region_count() (Hugetlb\n Fault Scalability).\n * mm, hugetlb: use vma_resv_map() map types\n * mm, oom: fix badness score underflow (bnc#884582, bnc#884767).\n * mm, oom: normalize oom scores to oom_score_adj scale only for\n userspace (bnc#884582, bnc#884767).\n * mm, thp: do not allow thp faults to avoid cpuset restrictions\n (bnc#888849).\n * net/mlx4_core: Load higher level modules according to ports type\n (bnc#887680).\n * net/mlx4_core: Load the IB driver when the device supports IBoE\n (bnc#887680).\n * net/mlx4_en: Fix a race between napi poll function and RX ring\n cleanup (bnc#863586).\n * net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058).\n * net: fix checksumming features handling in output path (bnc#891259).\n * pagecache_limit: batch large nr_to_scan targets (bnc#895221).\n * pagecachelimit: reduce lru_lock congestion for heavy parallel\n reclaim fix (bnc#895680).\n * perf/core: Add weighted samples (bnc#876114).\n * perf/x86: Add flags to event constraints (bnc#876114).\n * perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114).\n * perf: Add generic memory sampling interface (bnc#876114).\n * qla2xxx: Avoid escalating the SCSI error handler if the command is\n not found in firmware (bnc#859840).\n * qla2xxx: Clear loop_id for ports that are marked lost during fabric\n scanning (bnc#859840).\n * qla2xxx: Does not check for firmware hung during the reset context\n for ISP82XX (bnc#859840).\n * qla2xxx: Issue abort command for outstanding commands during cleanup\n when only firmware is alive (bnc#859840).\n * qla2xxx: Reduce the time we wait for a command to complete during\n SCSI error handling (bnc#859840).\n * qla2xxx: Set host can_queue value based on available resources\n (bnc#859840).\n * restore smp_mb() in unlock_new_inode() (bnc#890526).\n * s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061,\n LTC#113725).\n * sched: fix the theoretical signal_wake_up() vs schedule() race\n (bnc#876055).\n * sclp_vt220: Enable integrated ASCII console per default (bnc#885262,\n LTC#112035).\n * scsi_dh: use missing accessor "scsi_device_from_queue" (bnc#889614).\n * scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608).\n * scsiback: correct grant page unmapping.\n * scsiback: fix retry handling in __report_luns().\n * scsiback: free resources after error.\n * sunrpc/auth: allow lockless (rcu) lookup of credential cache\n (bnc#866130).\n * supported.conf: remove external from drivers/net/veth (bnc#889727)\n * supported.conf: support net/sched/act_police.ko (bnc#890426)\n * tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921).\n * tg3: Change nvram command timeout value to 50ms (bnc#855657).\n * tg3: Override clock, link aware and link idle mode during NVRAM dump\n (bnc#855657).\n * tg3: Set the MAC clock to the fastest speed during boot code load\n (bnc#855657).\n * usb: Does not enable LPM if the exit latency is zero (bnc#832309).\n * usbcore: Does not log on consecutive debounce failures of the same\n port (bnc#888105).\n * usbhid: fix PIXART optical mouse (bnc#888607).\n * uswsusp: Disable when module loading is restricted (bnc#884333).\n * vscsi: support larger transfer sizes (bnc#774818).\n * writeback: Do not sync data dirtied after sync start (bnc#833820).\n * x86 thermal: Delete power-limit-notification console messages\n (bnc#882317).\n * x86 thermal: Disable power limit notification interrupt by default\n (bnc#882317).\n * x86 thermal: Re-enable power limit notification interrupt by default\n (bnc#882317).\n * x86, cpu hotplug: Fix stack frame warning in\n check_irq_vectors_for_cpu_disable() (bnc#887418).\n * x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847).\n * x86/UV: Add kdump to UV NMI handler (bnc#888847).\n * x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847).\n * x86/UV: Move NMI support (bnc#888847).\n * x86/UV: Update UV support for external NMI signals (bnc#888847).\n * x86/uv/nmi: Fix Sparse warnings (bnc#888847).\n * x86: Add check for number of available vectors before CPU down\n (bnc#887418).\n * x86: Lock down IO port access when module security is enabled\n (bnc#884333).\n * x86: Restrict MSR access when module loading is restricted\n (bnc#884333).\n\n Security Issues:\n\n * CVE-2013-1979\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979</a>>\n * CVE-2014-1739\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739</a>>\n * CVE-2014-2706\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706</a>>\n * CVE-2014-4027\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027</a>>\n * CVE-2014-4171\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171</a>>\n * CVE-2014-4508\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508</a>>\n * CVE-2014-4667\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667</a>>\n * CVE-2014-4943\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943</a>>\n * CVE-2014-5077\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077</a>>\n * CVE-2014-5471\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471</a>>\n * CVE-2014-5472\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472</a>>\n * CVE-2014-3153\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153</a>>\n * CVE-2014-6410\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410</a>>\n\n The SUSE Linux Enterprise 11 Service Pack 3 RealTime Extension kernel was\n updated to fix various bugs and security issues.\n\n Following security bugs were fixed: CVE-2013-1979: The scm_set_cred\n function in include/net/scm.h in the Linux kernel before 3.8.11 uses\n incorrect uid and gid values during credentials passing, which allows\n local users to gain privileges via a crafted application (bnc#816708).\n\n CVE-2014-1739: The media_device_enum_entities function in\n drivers/media/media-device.c in the Linux kernel before 3.14.6 does not\n initialize a certain data structure, which allows local users to obtain\n sensitive information from kernel memory by leveraging /dev/media0 read\n access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804).\n\n CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not\n properly implement the interaction between range notification and hole\n punching, which allows local users to cause a denial of service (i_mutex\n hold) by using the mmap system call to access a hole, as demonstrated by\n interfering with intended shmem activity by blocking completion of (1) an\n MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call\n (bnc#883518).\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through\n 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the\n sep CPU feature flag is set, allows local users to cause a denial of\n service (OOPS and system crash) via an invalid syscall number, as\n demonstrated by number 1000 (bnc#883724).\n\n CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c\n in the Linux kernel before 3.15.2 does not properly manage a certain\n backlog value, which allows remote attackers to cause a denial of service\n (socket outage) via a crafted SCTP packet (bnc#885422).\n\n CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux\n kernel through 3.15.6 allows local users to gain privileges by leveraging\n data-structure differences between an l2tp socket and an inet socket\n (bnc#887082).\n\n CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in\n the Linux kernel through 3.15.8, when SCTP authentication is enabled,\n allows remote attackers to cause a denial of service (NULL pointer\n dereference and OOPS) by starting to establish an association between two\n endpoints immediately after an exchange of INIT and INIT ACK chunks to\n establish an earlier association between these endpoints in the opposite\n direction (bnc#889173).\n\n CVE-2014-5471: Stack consumption vulnerability in the\n parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux\n kernel through 3.16.1 allows local users to cause a denial of service\n (uncontrolled recursion, and system crash or reboot) via a crafted iso9660\n image with a CL entry referring to a directory entry that has a CL entry.\n (bnc#892490)\n\n CVE-2014-5472: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to\n cause a denial of service (unkillable mount process) via a crafted iso9660\n image with a self-referential CL entry. (bnc#892490)\n\n CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux\n kernel before 3.13.7 allows remote attackers to cause a denial of service\n (system crash) via network traffic that improperly interacts with the\n WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and\n tx.c. (bnc#871797)\n\n CVE-2014-4027: The rd_build_device_space function in\n drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not\n properly initialize a certain data structure, which allows local users to\n obtain sensitive information from ramdisk_mcp memory by leveraging access\n to a SCSI initiator. (bnc#882639)\n\n CVE-2014-3153 The futex_requeue function in kernel/futex.c in the Linux\n kernel through 3.14.5 does not ensure that calls have two different futex\n addresses, which allows local users to gain privileges via a crafted\n FUTEX_REQUEUE command that facilitates unsafe waiter modification.\n (bnc#880892)\n\n CVE-2014-6410: Avoid infinite loop when processing indirect ICBs\n (bnc#896689)\n\n The following non-security bugs were fixed: - ACPI / PAD: call schedule()\n when need_resched() is true (bnc#866911). - ACPI: Fix bug when ACPI reset\n register is implemented in system memory (bnc#882900). - ACPI: Limit\n access to custom_method (bnc#884333). - ALSA: hda - Enabling Realtek ALC\n 671 codec (bnc#891746). - Add option to automatically enforce module\n signatures when in Secure Boot mode (bnc#884333). - Add secure_modules()\n call (bnc#884333).\n - Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344). - Backported\n new patches of Lock down functions for UEFI secure boot Also updated\n series.conf and removed old patches. - Btrfs: Return EXDEV for cross\n file system snapshot. - Btrfs: abort the transaction when we does not\n find our extent ref. - Btrfs: avoid warning bomb of\n btrfs_invalidate_inodes. - Btrfs: cancel scrub on transaction abortion.\n - Btrfs: correctly set profile flags on seqlock retry. - Btrfs: does not\n check nodes for extent items. - Btrfs: fix a possible deadlock between\n scrub and transaction committing. - Btrfs: fix corruption after\n write/fsync failure + fsync + log recovery (bnc#894200). - Btrfs: fix\n csum tree corruption, duplicate and outdated checksums (bnc#891619). -\n Btrfs: fix double free in find_lock_delalloc_range. - Btrfs: fix\n possible memory leak in btrfs_create_tree(). - Btrfs: fix use of uninit\n "ret" in end_extent_writepage(). - Btrfs: free delayed node outside of\n root->inode_lock (bnc#866864). - Btrfs: make DEV_INFO ioctl available to\n anyone. - Btrfs: make FS_INFO ioctl available to anyone. - Btrfs: make\n device scan less noisy. - Btrfs: make sure there are not any read\n requests before stopping workers. - Btrfs: more efficient io tree\n navigation on wait_extent_bit. - Btrfs: output warning instead of error\n when loading free space cache failed. - Btrfs: retrieve more info from\n FS_INFO ioctl. - Btrfs: return EPERM when deleting a default subvolume\n (bnc#869934). - Btrfs: unset DCACHE_DISCONNECTED when mounting default\n subvol (bnc#866615).\n - Btrfs: use right type to get real comparison. - Btrfs: wake up\n @scrub_pause_wait as much as we can. - Btrfs: wake up transaction thread\n upon remount. - CacheFiles: Add missing retrieval completions\n (bnc#880344).\n - CacheFiles: Does not try to dump the index key if the cookie has been\n cleared (bnc#880344). - CacheFiles: Downgrade the requirements passed to\n the allocator (bnc#880344). - CacheFiles: Fix the marking of cached\n pages (bnc#880344). - CacheFiles: Implement invalidation (bnc#880344). -\n CacheFiles: Make some debugging statements conditional (bnc#880344). -\n Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). - Drivers:\n hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840).\n - FS-Cache: Add transition to handle invalidate immediately after lookup\n (bnc#880344). - FS-Cache: Check that there are no read ops when cookie\n relinquished (bnc#880344). - FS-Cache: Clear remaining page count on\n retrieval cancellation (bnc#880344). - FS-Cache: Convert the object\n event ID #defines into an enum (bnc#880344). - FS-Cache: Does not sleep\n in page release if __GFP_FS is not set (bnc#880344). - FS-Cache: Does\n not use spin_is_locked() in assertions (bnc#880344). - FS-Cache:\n Exclusive op submission can BUG if there is been an I/O error\n (bnc#880344). - FS-Cache: Fix __wait_on_atomic_t() to call the action\n func if the counter != 0 (bnc#880344). - FS-Cache: Fix object state\n machine to have separate work and wait states (bnc#880344). - FS-Cache:\n Fix operation state management and accounting (bnc#880344). - FS-Cache:\n Fix signal handling during waits (bnc#880344). - FS-Cache: Initialise\n the object event mask with the calculated mask (bnc#880344). - FS-Cache:\n Limit the number of I/O error reports for a cache (bnc#880344). -\n FS-Cache: Make cookie relinquishment wait for outstanding reads\n (bnc#880344). - FS-Cache: Mark cancellation of in-progress operation\n (bnc#880344). - FS-Cache: One of the write operation paths doeses not\n set the object state (bnc#880344). - FS-Cache: Provide proper\n invalidation (bnc#880344). - FS-Cache: Simplify cookie retention for\n fscache_objects, fixing oops (bnc#880344). - FS-Cache: The retrieval\n remaining-pages counter needs to be atomic_t (bnc#880344). - FS-Cache:\n Uninline fscache_object_init() (bnc#880344). - FS-Cache: Wrap checks on\n object state (bnc#880344). - HID: usbhid: add always-poll quirk\n (bnc#888607). - HID: usbhid: enable always-poll quirk for Elan\n Touchscreen (bnc#888607). - IB/iser: Add TIMEWAIT_EXIT event handling\n (bnc#890297). - Ignore "flags" change to event_constraint (bnc#876114). -\n Ignore data_src/weight changes to perf_sample_data (bnc#876114). - NFS:\n Allow more\n operations in an NFSv4.1 request (bnc#890513). - NFS: Clean up helper\n function nfs4_select_rw_stateid() (bnc#888968). - NFS: Does not copy read\n delegation stateids in setattr (bnc#888968). - NFS: Does not use a\n delegation to open a file when returning that delegation (bnc#888968,\n bnc#892200, bnc#893596, bnc#893496) - NFS: Fixes for NFS RCU-walk support\n in line with code going upstream - NFS: Use FS-Cache invalidation\n (bnc#880344). - NFS: allow lockless access to access_cache (bnc#866130).\n - NFS: avoid mountpoint being displayed as " (deleted)" in /proc/mounts\n (bnc#888591). - NFS: nfs4_do_open should add negative results to the\n dcache (bnc#866130). - NFS: nfs_migrate_page() does not wait for FS-Cache\n to finish with a page (bnc#880344). - NFS: nfs_open_revalidate: only\n evaluate parent if it will be used (bnc#866130). - NFS: prepare for\n RCU-walk support but pushing tests later in code (bnc#866130). - NFS:\n support RCU_WALK in nfs_permission() (bnc#866130). - NFS: teach\n nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). - NFS: teach\n nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). - NFSD: Does\n not hand out delegations for 30 seconds after recalling them\n (bnc#880370). - NFSv4 set open access\n operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200,\n bnc#893596, bnc#893496). - NFSv4: Add a helper for encoding opaque data\n (bnc#888968). - NFSv4: Add a helper for encoding stateids (bnc#888968). -\n NFSv4: Add helpers for basic copying of stateids (bnc#888968). - NFSv4:\n Clean up nfs4_select_rw_stateid() (bnc#888968). - NFSv4: Fix the return\n value of nfs4_select_rw_stateid (bnc#888968). - NFSv4: Rename\n nfs4_copy_stateid() (bnc#888968). - NFSv4: Resend the READ/WRITE RPC call\n if a stateid change causes an error (bnc#888968). - NFSv4: Simplify the\n struct nfs4_stateid (bnc#888968). - NFSv4: The stateid must remain the\n same for replayed RPC calls (bnc#888968). - NFSv4:\n nfs4_stateid_is_current should return "true" for an invalid stateid\n (bnc#888968). - One more fix for kABI breakage. - PCI: Lock down BAR\n access when module security is enabled (bnc#884333). - PCI: enable MPS\n "performance" setting to properly handle bridge MPS (bnc#883376). - PM /\n Hibernate: Add memory_rtree_find_bit function (bnc#860441). - PM /\n Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). - PM\n / Hibernate: Implement position keeping in radix tree (bnc#860441). - PM\n / Hibernate: Iterate over set bits instead of PFNs in swsusp_free()\n (bnc#860441). - PM / Hibernate: Remove the old memory-bitmap\n implementation (bnc#860441). - PM / Hibernate: Touch Soft Lockup Watchdog\n in rtree_next_node (bnc#860441). - Restrict /dev/mem and /dev/kmem when\n module loading is restricted (bnc#884333). - Reuse existing "state" field\n to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). - USB: handle LPM\n errors during device suspend correctly (bnc#849123). - Update kabi files\n to reflect fscache change (bnc#880344) - Update x86_64 config files:\n re-enable SENSORS_W83627EHF (bnc#891281) - VFS: Make more complete\n truncate operation available to CacheFiles (bnc#880344). - [FEAT NET1222]\n ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). - acpi:\n Ignore acpi_rsdp kernel parameter when module loading is restricted\n (bnc#884333). - af_iucv: correct cleanup if listen backlog is full\n (bnc#885262, LTC#111728). - asus-wmi: Restrict debugfs interface when\n module loading is restricted (bnc#884333). - autofs4: allow RCU-walk to\n walk through autofs4 (bnc#866130). - autofs4: avoid taking fs_lock during\n rcu-walk (bnc#866130). - autofs4: does not take spinlock when not needed\n in autofs4_lookup_expiring (bnc#866130). - autofs4: factor\n should_expire() out\n of autofs4_expire_indirect (bnc#866130). - autofs4: make\n "autofs4_can_expire" idempotent (bnc#866130). - autofs4: remove a\n redundant assignment (bnc#866130). - autofs: fix lockref lookup\n (bnc#888591). - be2net: add dma_mapping_error() check for dma_map_page()\n (bnc#881759). - block: add cond_resched() to potentially long running\n ioctl discard loop (bnc#884725). - block: fix race between request\n completion and timeout handling (bnc#881051). - cdc-ether: clean packet\n filter upon probe (bnc#876017). - cpuset: Fix memory allocator deadlock\n (bnc#876590). - crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not\n all archs have them, but some are FIPS certified, with some kernel\n support. - crypto: fips\n - only panic on bad/missing crypto mod signatures (bnc#887503). - crypto:\n testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode\n (bnc#889451). - dasd: validate request size before building CCW/TCW\n (bnc#891087, LTC#114068). - dm mpath: fix race condition between\n multipath_dtr and pg_init_done (bnc#826486). - dm-mpath: fix panic on\n deleting sg device (bnc#870161). - drm/ast: AST2000 cannot be detected\n correctly (bnc#895983). - drm/ast: Actually load DP501 firmware when\n required (bnc#895608 bnc#871134). - drm/ast: Add missing entry to\n dclk_table[]. - drm/ast: Add reduced non reduced mode parsing for wide\n screen mode (bnc#892723). - drm/ast: initial DP501 support (v0.2)\n (bnc#871134). - drm/ast: open key before detect chips (bnc#895983). -\n drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304). -\n drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064). -\n drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init (bnc#869055).\n - drm/i915: create functions for the "unclaimed register" checks\n (bnc#869055). - drm/i915: use FPGA_DBG for the "unclaimed register"\n checks (bnc#869055). - drm/mgag200: Initialize data needed to map fbdev\n memory (bnc #806990). - e1000e: enable support for new device IDs\n (bnc#885509). - fs/fscache: remove spin_lock() from the condition in\n while() (bnc#880344).\n - hibernate: Disable in a signed modules environment (bnc#884333). -\n hugetlb: does not use ERR_PTR with VM_FAULT* values - ibmvscsi: Abort\n init sequence during error recovery (bnc#885382). - ibmvscsi: Add memory\n barriers for send / receive (bnc#885382). - inet: add a redirect\n generation id in inetpeer (bnc#860593). - inetpeer: initialize\n ->redirect_genid in inet_getpeer() (bnc#860593). - ipv6: tcp: fix\n tcp_v6_conn_request() (bnc#887645). - kabi: hide bnc#860593 changes of\n struct inetpeer_addr_base (bnc#860593). - kernel: 3215 tty hang\n (bnc#891087, LTC#114562). - kernel: fix data corruption when reading\n /proc/sysinfo (bnc#891087, LTC#114480). - kernel: fix kernel oops with\n load of fpc register (bnc#889061, LTC#113596).\n - kernel: sclp console tty reference counting (bnc#891087, LTC#115466). -\n kexec: Disable at runtime if the kernel enforces module loading\n restrictions (bnc#884333). - md/raid6: avoid data corruption during\n recovery of double-degraded RAID6. - memcg, vmscan: Fix forced scan of\n anonymous pages (memory reclaim fix). - memcg: do not expose\n uninitialized mem_cgroup_per_node to world (bnc#883096). - mm, hugetlb:\n add VM_NORESERVE check in vma_has_reserves() - mm, hugetlb: change\n variable name reservations to resv - mm, hugetlb: decrement reserve\n count if VM_NORESERVE alloc page cache - mm, hugetlb: defer freeing\n pages when gathering surplus pages - mm, hugetlb: do not use a page in\n page cache for cow optimization - mm, hugetlb: fix and clean-up node\n iteration code to alloc or free - mm, hugetlb: fix race in region\n tracking - mm, hugetlb: fix subpool accounting handling - mm, hugetlb:\n improve page-fault scalability - mm, hugetlb: improve, cleanup resv_map\n parameters - mm, hugetlb: move up the code which check availability of\n free huge page - mm, hugetlb: protect reserved pages when soft offlining\n a hugepage - mm, hugetlb: remove decrement_hugepage_resv_vma() - mm,\n hugetlb: remove redundant list_empty check in gather_surplus_pages() -\n mm, hugetlb: remove resv_map_put - mm, hugetlb: remove useless check\n about mapping type - mm, hugetlb: return a reserved page to a reserved\n pool if failed - mm, hugetlb: trivial commenting fix - mm, hugetlb:\n unify region structure handling - mm, hugetlb: unify region structure\n handling kabi - mm, hugetlb: use long vars instead of int in\n region_count() (Hugetlb Fault Scalability). - mm, hugetlb: use\n vma_resv_map() map types - mm, oom: fix badness score underflow\n (bnc#884582, bnc#884767). - mm, oom: normalize oom scores to\n oom_score_adj scale only for userspace (bnc#884582, bnc#884767). - mm,\n thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). -\n net/mlx4_core: Load higher level modules according to ports type\n (bnc#887680). - net/mlx4_core: Load the IB driver when the device\n supports IBoE (bnc#887680). - net/mlx4_en: Fix a race between napi poll\n function and RX ring cleanup (bnc#863586). - net/mlx4_en: Fix selftest\n failing on non 10G link speed (bnc#888058). - net: fix checksumming\n features handling in\n output path (bnc#891259). - pagecache_limit: batch large nr_to_scan\n targets (bnc#895221). - pagecachelimit: reduce lru_lock congestion for\n heavy parallel reclaim fix (bnc#895680). - perf/core: Add weighted\n samples (bnc#876114). - perf/x86: Add flags to event constraints\n (bnc#876114). - perf/x86: Add memory profiling via PEBS Load Latency\n (bnc#876114). - perf: Add generic memory sampling interface (bnc#876114).\n - qla2xxx: Avoid escalating the SCSI error handler if the command is not\n found in firmware (bnc#859840). - qla2xxx: Clear loop_id for ports that\n are marked lost during fabric scanning (bnc#859840). - qla2xxx: Does not\n check for firmware hung during the reset context for ISP82XX\n (bnc#859840). - qla2xxx: Issue abort command for outstanding commands\n during cleanup when only firmware is alive (bnc#859840). - qla2xxx:\n Reduce the time we wait for a command to complete during SCSI error\n handling (bnc#859840). - qla2xxx: Set host can_queue value based on\n available resources (bnc#859840). - restore smp_mb() in\n unlock_new_inode() (bnc#890526). - s390/pci: introduce lazy IOTLB\n flushing for DMA unmap (bnc#889061, LTC#113725). - sched: fix the\n theoretical signal_wake_up() vs schedule() race (bnc#876055). -\n sclp_vt220: Enable integrated ASCII console per default (bnc#885262,\n LTC#112035). - scsi_dh: use missing accessor "scsi_device_from_queue"\n (bnc#889614). - scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail\n (bnc#887608). - scsiback: correct grant page unmapping. - scsiback: fix\n retry handling in __report_luns(). - scsiback: free resources after\n error. - sunrpc/auth: allow lockless (rcu) lookup of credential cache\n (bnc#866130). - supported.conf: remove external from drivers/net/veth\n (bnc#889727) - supported.conf: support net/sched/act_police.ko\n (bnc#890426) - tcp: adapt selected parts of RFC 5682 and PRR logic\n (bnc#879921). - tg3: Change nvram command timeout value to 50ms\n (bnc#855657). - tg3: Override clock, link aware and link idle mode during\n NVRAM dump (bnc#855657). - tg3: Set the MAC clock to the fastest speed\n during boot code load (bnc#855657). - usb: Does not enable LPM if the\n exit latency is zero (bnc#832309). - usbcore: Does not log on consecutive\n debounce failures of the same port (bnc#888105). - usbhid: fix PIXART\n optical mouse (bnc#888607). - uswsusp: Disable when module loading is\n restricted (bnc#884333). - vscsi: support larger transfer sizes\n (bnc#774818). - writeback: Do not sync data dirtied after sync start\n (bnc#833820). - x86 thermal: Delete power-limit-notification console\n messages (bnc#882317). - x86 thermal: Disable power limit notification\n interrupt by default (bnc#882317). - x86 thermal: Re-enable power limit\n notification interrupt by default (bnc#882317). - x86, cpu hotplug: Fix\n stack frame warning in check_irq_vectors_for_cpu_disable() (bnc#887418).\n - x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847). - x86/UV:\n Add kdump to UV NMI handler (bnc#888847). - x86/UV: Add summary of cpu\n activity to UV NMI handler (bnc#888847). - x86/UV: Move NMI support\n (bnc#888847). - x86/UV: Update UV support for external NMI signals\n (bnc#888847). - x86/uv/nmi: Fix Sparse warnings (bnc#888847). - x86: Add\n check for number\n of available vectors before CPU down (bnc#887418). - x86: Lock down IO\n port access when module security is enabled (bnc#884333). - x86: Restrict\n MSR access when module loading is restricted (bnc#884333).\n\n Security Issues:\n\n * CVE-2013-1979\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979</a>>\n * CVE-2014-1739\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739</a>>\n * CVE-2014-2706\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706</a>>\n * CVE-2014-4027\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027</a>>\n * CVE-2014-4171\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171</a>>\n * CVE-2014-4508\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508</a>>\n * CVE-2014-4667\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667</a>>\n * CVE-2014-4943\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943</a>>\n * CVE-2014-5077\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077</a>>\n * CVE-2014-5471\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471</a>>\n * CVE-2014-5472\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472</a>>\n * CVE-2014-3153\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153</a>>\n * CVE-2014-6410\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410</a>>\n", "published": "2014-10-23T01:08:35", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00007.html", "cvelist": ["CVE-2014-5077", "CVE-2014-1739", "CVE-2014-4508", "CVE-2014-4943", "CVE-2014-4171", "CVE-2014-5472", "CVE-2014-4027", "CVE-2013-1979", "CVE-2014-3153", "CVE-2014-6410", "CVE-2014-5471", "CVE-2014-4667", "CVE-2014-2706"], "lastseen": "2016-09-04T12:08:53"}, {"id": "SUSE-SU-2014:1316-1", "type": "suse", "title": "Security update for Linux kernel (important)", "description": "The SUSE Linux Enterprise 11 Service Pack 3 kernel has been updated to fix\n various bugs and security issues.\n\n The following security bugs have been fixed:\n\n *\n\n CVE-2014-1739: The media_device_enum_entities function in\n drivers/media/media-device.c in the Linux kernel before 3.14.6 does not\n initialize a certain data structure, which allows local users to\n obtain sensitive information from kernel memory by leveraging\n /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call\n (bnc#882804).\n\n *\n\n CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does\n not properly implement the interaction between range notification and hole\n punching, which allows local users to cause a denial of service (i_mutex\n hold) by using the mmap system call to access a hole, as demonstrated by\n interfering with intended shmem activity by blocking completion of (1) an\n MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call\n (bnc#883518).\n\n *\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel\n through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled\n and the sep CPU feature flag is set, allows local users to cause a denial\n of service (OOPS and system crash) via an invalid syscall number, as\n demonstrated by number 1000 (bnc#883724).\n\n *\n\n CVE-2014-4667: The sctp_association_free function in\n net/sctp/associola.c in the Linux kernel before 3.15.2 does not properly\n manage a certain backlog value, which allows remote attackers to cause a\n denial of service (socket outage) via a crafted SCTP packet (bnc#885422).\n\n *\n\n CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the\n Linux kernel through 3.15.6 allows local users to gain privileges by\n leveraging data-structure differences between an l2tp socket and an inet\n socket (bnc#887082).\n\n *\n\n CVE-2014-5077: The sctp_assoc_update function in\n net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP\n authentication is enabled, allows remote attackers to cause a denial of\n service (NULL pointer dereference and OOPS) by starting to establish an\n association between two endpoints immediately after an exchange of INIT\n and INIT ACK chunks to establish an earlier association between these\n endpoints in the opposite direction (bnc#889173).\n\n *\n\n CVE-2014-5471: Stack consumption vulnerability in the\n parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux\n kernel through 3.16.1 allows local users to cause a denial of service\n (uncontrolled recursion, and system crash or reboot) via a crafted iso9660\n image with a CL entry referring to a directory entry that has a CL entry.\n (bnc#892490)\n\n *\n\n CVE-2014-5472: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to\n cause a denial of service (unkillable mount process) via a crafted iso9660\n image with a self-referential CL entry. (bnc#892490)\n\n *\n\n CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux\n kernel before 3.13.7 allows remote attackers to cause a denial of service\n (system crash) via network traffic that improperly interacts with the\n WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and\n tx.c. (bnc#871797)\n\n *\n\n CVE-2014-4027: The rd_build_device_space function in\n drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not\n properly initialize a certain data structure, which allows local users to\n obtain sensitive information from ramdisk_mcp memory by leveraging access\n to a SCSI initiator. (bnc#882639)\n\n *\n\n CVE-2014-3153 The futex_requeue function in kernel/futex.c in the\n Linux kernel through 3.14.5 does not ensure that calls have two different\n futex addresses, which allows local users to gain privileges via a crafted\n FUTEX_REQUEUE command that facilitates unsafe waiter modification.\n (bnc#880892)\n\n *\n\n CVE-2014-6410: Avoid infinite loop when processing indirect ICBs\n (bnc#896689)\n\n The following non-security bugs have been fixed:\n\n * ACPI / PAD: call schedule() when need_resched() is true (bnc#866911).\n * ACPI: Fix bug when ACPI reset register is implemented in system\n memory (bnc#882900).\n * ACPI: Limit access to custom_method (bnc#884333).\n * ALSA: hda - Enabling Realtek ALC 671 codec (bnc#891746).\n * Add option to automatically enforce module signatures when in Secure\n Boot mode (bnc#884333).\n * Add secure_modules() call (bnc#884333).\n * Add wait_on_atomic_t() and wake_up_atomic_t() (bnc#880344).\n * Backported new patches of Lock down functions for UEFI secure boot\n Also updated series.conf and removed old patches.\n * Btrfs: Return EXDEV for cross file system snapshot.\n * Btrfs: abort the transaction when we does not find our extent ref.\n * Btrfs: avoid warning bomb of btrfs_invalidate_inodes.\n * Btrfs: cancel scrub on transaction abortion.\n * Btrfs: correctly set profile flags on seqlock retry.\n * Btrfs: does not check nodes for extent items.\n * Btrfs: fix a possible deadlock between scrub and transaction\n committing.\n * Btrfs: fix corruption after write/fsync failure + fsync + log\n recovery (bnc#894200).\n * Btrfs: fix csum tree corruption, duplicate and outdated checksums\n (bnc#891619).\n * Btrfs: fix double free in find_lock_delalloc_range.\n * Btrfs: fix possible memory leak in btrfs_create_tree().\n * Btrfs: fix use of uninit "ret" in end_extent_writepage().\n * Btrfs: free delayed node outside of root->inode_lock (bnc#866864).\n * Btrfs: make DEV_INFO ioctl available to anyone.\n * Btrfs: make FS_INFO ioctl available to anyone.\n * Btrfs: make device scan less noisy.\n * Btrfs: make sure there are not any read requests before stopping\n workers.\n * Btrfs: more efficient io tree navigation on wait_extent_bit.\n * Btrfs: output warning instead of error when loading free space cache\n failed.\n * Btrfs: retrieve more info from FS_INFO ioctl.\n * Btrfs: return EPERM when deleting a default subvolume (bnc#869934).\n * Btrfs: unset DCACHE_DISCONNECTED when mounting default subvol\n (bnc#866615).\n * Btrfs: use right type to get real comparison.\n * Btrfs: wake up @scrub_pause_wait as much as we can.\n * Btrfs: wake up transaction thread upon remount.\n * CacheFiles: Add missing retrieval completions (bnc#880344).\n * CacheFiles: Does not try to dump the index key if the cookie has\n been cleared (bnc#880344).\n * CacheFiles: Downgrade the requirements passed to the allocator\n (bnc#880344).\n * CacheFiles: Fix the marking of cached pages (bnc#880344).\n * CacheFiles: Implement invalidation (bnc#880344).\n * CacheFiles: Make some debugging statements conditional (bnc#880344).\n * Drivers: hv: util: Fix a bug in the KVP code (bnc#886840).\n * Drivers: hv: vmbus: Fix a bug in the channel callback dispatch code\n (bnc#886840).\n * FS-Cache: Add transition to handle invalidate immediately after\n lookup (bnc#880344).\n * FS-Cache: Check that there are no read ops when cookie relinquished\n (bnc#880344).\n * FS-Cache: Clear remaining page count on retrieval cancellation\n (bnc#880344).\n * FS-Cache: Convert the object event ID #defines into an enum\n (bnc#880344).\n * FS-Cache: Does not sleep in page release if __GFP_FS is not set\n (bnc#880344).\n * FS-Cache: Does not use spin_is_locked() in assertions (bnc#880344).\n * FS-Cache: Exclusive op submission can BUG if there is been an I/O\n error (bnc#880344).\n * FS-Cache: Fix __wait_on_atomic_t() to call the action func if the\n counter != 0 (bnc#880344).\n * FS-Cache: Fix object state machine to have separate work and wait\n states (bnc#880344).\n * FS-Cache: Fix operation state management and accounting (bnc#880344).\n * FS-Cache: Fix signal handling during waits (bnc#880344).\n * FS-Cache: Initialise the object event mask with the calculated mask\n (bnc#880344).\n * FS-Cache: Limit the number of I/O error reports for a cache\n (bnc#880344).\n * FS-Cache: Make cookie relinquishment wait for outstanding reads\n (bnc#880344).\n * FS-Cache: Mark cancellation of in-progress operation (bnc#880344).\n * FS-Cache: One of the write operation paths doeses not set the object\n state (bnc#880344).\n * FS-Cache: Provide proper invalidation (bnc#880344).\n * FS-Cache: Simplify cookie retention for fscache_objects, fixing oops\n (bnc#880344).\n * FS-Cache: The retrieval remaining-pages counter needs to be atomic_t\n (bnc#880344).\n * FS-Cache: Uninline fscache_object_init() (bnc#880344).\n * FS-Cache: Wrap checks on object state (bnc#880344).\n * HID: usbhid: add always-poll quirk (bnc#888607).\n * HID: usbhid: enable always-poll quirk for Elan Touchscreen\n (bnc#888607).\n * IB/iser: Add TIMEWAIT_EXIT event handling (bnc#890297).\n * Ignore "flags" change to event_constraint (bnc#876114).\n * Ignore data_src/weight changes to perf_sample_data (bnc#876114).\n * NFS: Allow more operations in an NFSv4.1 request (bnc#890513).\n * NFS: Clean up helper function nfs4_select_rw_stateid() (bnc#888968).\n * NFS: Does not copy read delegation stateids in setattr (bnc#888968).\n * NFS: Does not use a delegation to open a file when returning that\n delegation (bnc#888968, bnc#892200, bnc#893596, bnc#893496)\n * NFS: Fixes for NFS RCU-walk support in line with code going upstream\n * NFS: Use FS-Cache invalidation (bnc#880344).\n * NFS: allow lockless access to access_cache (bnc#866130).\n * NFS: avoid mountpoint being displayed as " (deleted)" in\n /proc/mounts (bnc#888591).\n * NFS: nfs4_do_open should add negative results to the dcache\n (bnc#866130).\n * NFS: nfs_migrate_page() does not wait for FS-Cache to finish with a\n page (bnc#880344).\n * NFS: nfs_open_revalidate: only evaluate parent if it will be used\n (bnc#866130).\n * NFS: prepare for RCU-walk support but pushing tests later in code\n (bnc#866130).\n * NFS: support RCU_WALK in nfs_permission() (bnc#866130).\n * NFS: teach nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130).\n * NFS: teach nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130).\n * NFSD: Does not hand out delegations for 30 seconds after recalling\n them (bnc#880370).\n * NFSv4 set open access operation call flag in nfs4_init_opendata_res\n (bnc#888968, bnc#892200, bnc#893596, bnc#893496).\n * NFSv4: Add a helper for encoding opaque data (bnc#888968).\n * NFSv4: Add a helper for encoding stateids (bnc#888968).\n * NFSv4: Add helpers for basic copying of stateids (bnc#888968).\n * NFSv4: Clean up nfs4_select_rw_stateid() (bnc#888968).\n * NFSv4: Fix the return value of nfs4_select_rw_stateid (bnc#888968).\n * NFSv4: Rename nfs4_copy_stateid() (bnc#888968).\n * NFSv4: Resend the READ/WRITE RPC call if a stateid change causes an\n error (bnc#888968).\n * NFSv4: Simplify the struct nfs4_stateid (bnc#888968).\n * NFSv4: The stateid must remain the same for replayed RPC calls\n (bnc#888968).\n * NFSv4: nfs4_stateid_is_current should return "true" for an invalid\n stateid (bnc#888968).\n * One more fix for kABI breakage.\n * PCI: Lock down BAR access when module security is enabled\n (bnc#884333).\n * PCI: enable MPS "performance" setting to properly handle bridge MPS\n (bnc#883376).\n * PM / Hibernate: Add memory_rtree_find_bit function (bnc#860441).\n * PM / Hibernate: Create a Radix-Tree to store memory bitmap\n (bnc#860441).\n * PM / Hibernate: Implement position keeping in radix tree\n (bnc#860441).\n * PM / Hibernate: Iterate over set bits instead of PFNs in\n swsusp_free() (bnc#860441).\n * PM / Hibernate: Remove the old memory-bitmap implementation\n (bnc#860441).\n * PM / Hibernate: Touch Soft Lockup Watchdog in rtree_next_node\n (bnc#860441).\n * Restrict /dev/mem and /dev/kmem when module loading is restricted\n (bnc#884333).\n * Reuse existing "state" field to indicate PERF_X86_EVENT_PEBS_LDLAT\n (bnc#876114).\n * USB: handle LPM errors during device suspend correctly (bnc#849123).\n * Update kabi files to reflect fscache change (bnc#880344)\n * Update x86_64 config files: re-enable SENSORS_W83627EHF (bnc#891281)\n * VFS: Make more complete truncate operation available to CacheFiles\n (bnc#880344).\n * [FEAT NET1222] ib_uverbs: Allow explicit mmio trigger (FATE#83366,\n ltc#83367).\n * acpi: Ignore acpi_rsdp kernel parameter when module loading is\n restricted (bnc#884333).\n * af_iucv: correct cleanup if listen backlog is full (bnc#885262,\n LTC#111728).\n * asus-wmi: Restrict debugfs interface when module loading is\n restricted (bnc#884333).\n * autofs4: allow RCU-walk to walk through autofs4 (bnc#866130).\n * autofs4: avoid taking fs_lock during rcu-walk (bnc#866130).\n * autofs4: does not take spinlock when not needed in\n autofs4_lookup_expiring (bnc#866130).\n * autofs4: factor should_expire() out of autofs4_expire_indirect\n (bnc#866130).\n * autofs4: make "autofs4_can_expire" idempotent (bnc#866130).\n * autofs4: remove a redundant assignment (bnc#866130).\n * autofs: fix lockref lookup (bnc#888591).\n * be2net: add dma_mapping_error() check for dma_map_page()\n (bnc#881759).\n * block: add cond_resched() to potentially long running ioctl discard\n loop (bnc#884725).\n * block: fix race between request completion and timeout handling\n (bnc#881051).\n * cdc-ether: clean packet filter upon probe (bnc#876017).\n * cpuset: Fix memory allocator deadlock (bnc#876590).\n * crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not all archs\n have them, but some are FIPS certified, with some kernel support.\n * crypto: fips - only panic on bad/missing crypto mod signatures\n (bnc#887503).\n * crypto: testmgr - allow aesni-intel and ghash_clmulni-intel in fips\n mode (bnc#889451).\n * dasd: validate request size before building CCW/TCW (bnc#891087,\n LTC#114068).\n * dm mpath: fix race condition between multipath_dtr and pg_init_done\n (bnc#826486).\n * dm-mpath: fix panic on deleting sg device (bnc#870161).\n * drm/ast: AST2000 cannot be detected correctly (bnc#895983).\n * drm/ast: Actually load DP501 firmware when required (bnc#895608\n bnc#871134).\n * drm/ast: Add missing entry to dclk_table[].\n * drm/ast: Add reduced non reduced mode parsing for wide screen mode\n (bnc#892723).\n * drm/ast: initial DP501 support (v0.2) (bnc#871134).\n * drm/ast: open key before detect chips (bnc#895983).\n * drm/i915: Fix up cpt pixel multiplier enable sequence (bnc#879304).\n * drm/i915: Only apply DPMS to the encoder if enabled (bnc#893064).\n * drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at driver init\n (bnc#869055).\n * drm/i915: create functions for the "unclaimed register" checks\n (bnc#869055).\n * drm/i915: use FPGA_DBG for the "unclaimed register" checks\n (bnc#869055).\n * drm/mgag200: Initialize data needed to map fbdev memory (bnc\n #806990).\n * e1000e: enable support for new device IDs (bnc#885509).\n * fs/fscache: remove spin_lock() from the condition in while()\n (bnc#880344).\n * hibernate: Disable in a signed modules environment (bnc#884333).\n * hugetlb: does not use ERR_PTR with VM_FAULT* values\n * ibmvscsi: Abort init sequence during error recovery (bnc#885382).\n * ibmvscsi: Add memory barriers for send / receive (bnc#885382).\n * inet: add a redirect generation id in inetpeer (bnc#860593).\n * inetpeer: initialize ->redirect_genid in inet_getpeer() (bnc#860593).\n * ipv6: tcp: fix tcp_v6_conn_request() (bnc#887645).\n * kabi: hide bnc#860593 changes of struct inetpeer_addr_base\n (bnc#860593).\n * kernel: 3215 tty hang (bnc#891087, LTC#114562).\n * kernel: fix data corruption when reading /proc/sysinfo (bnc#891087,\n LTC#114480).\n * kernel: fix kernel oops with load of fpc register (bnc#889061,\n LTC#113596).\n * kernel: sclp console tty reference counting (bnc#891087, LTC#115466).\n * kexec: Disable at runtime if the kernel enforces module loading\n restrictions (bnc#884333).\n * md/raid6: avoid data corruption during recovery of double-degraded\n RAID6.\n * memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim\n fix).\n * memcg: do not expose uninitialized mem_cgroup_per_node to world\n (bnc#883096).\n * mm, hugetlb: add VM_NORESERVE check in vma_has_reserves()\n * mm, hugetlb: change variable name reservations to resv\n * mm, hugetlb: decrement reserve count if VM_NORESERVE alloc page cache\n * mm, hugetlb: defer freeing pages when gathering surplus pages\n * mm, hugetlb: do not use a page in page cache for cow optimization\n * mm, hugetlb: fix and clean-up node iteration code to alloc or free\n * mm, hugetlb: fix race in region tracking\n * mm, hugetlb: fix subpool accounting handling\n * mm, hugetlb: improve page-fault scalability\n * mm, hugetlb: improve, cleanup resv_map parameters\n * mm, hugetlb: move up the code which check availability of free huge\n page\n * mm, hugetlb: protect reserved pages when soft offlining a hugepage\n * mm, hugetlb: remove decrement_hugepage_resv_vma()\n * mm, hugetlb: remove redundant list_empty check in\n gather_surplus_pages()\n * mm, hugetlb: remove resv_map_put\n * mm, hugetlb: remove useless check about mapping type\n * mm, hugetlb: return a reserved page to a reserved pool if failed\n * mm, hugetlb: trivial commenting fix\n * mm, hugetlb: unify region structure handling\n * mm, hugetlb: unify region structure handling kabi\n * mm, hugetlb: use long vars instead of int in region_count() (Hugetlb\n Fault Scalability).\n * mm, hugetlb: use vma_resv_map() map types\n * mm, oom: fix badness score underflow (bnc#884582, bnc#884767).\n * mm, oom: normalize oom scores to oom_score_adj scale only for\n userspace (bnc#884582, bnc#884767).\n * mm, thp: do not allow thp faults to avoid cpuset restrictions\n (bnc#888849).\n * net/mlx4_core: Load higher level modules according to ports type\n (bnc#887680).\n * net/mlx4_core: Load the IB driver when the device supports IBoE\n (bnc#887680).\n * net/mlx4_en: Fix a race between napi poll function and RX ring\n cleanup (bnc#863586).\n * net/mlx4_en: Fix selftest failing on non 10G link speed (bnc#888058).\n * net: fix checksumming features handling in output path (bnc#891259).\n * pagecache_limit: batch large nr_to_scan targets (bnc#895221).\n * pagecachelimit: reduce lru_lock congestion for heavy parallel\n reclaim fix (bnc#895680).\n * perf/core: Add weighted samples (bnc#876114).\n * perf/x86: Add flags to event constraints (bnc#876114).\n * perf/x86: Add memory profiling via PEBS Load Latency (bnc#876114).\n * perf: Add generic memory sampling interface (bnc#876114).\n * qla2xxx: Avoid escalating the SCSI error handler if the command is\n not found in firmware (bnc#859840).\n * qla2xxx: Clear loop_id for ports that are marked lost during fabric\n scanning (bnc#859840).\n * qla2xxx: Does not check for firmware hung during the reset context\n for ISP82XX (bnc#859840).\n * qla2xxx: Issue abort command for outstanding commands during cleanup\n when only firmware is alive (bnc#859840).\n * qla2xxx: Reduce the time we wait for a command to complete during\n SCSI error handling (bnc#859840).\n * qla2xxx: Set host can_queue value based on available resources\n (bnc#859840).\n * restore smp_mb() in unlock_new_inode() (bnc#890526).\n * s390/pci: introduce lazy IOTLB flushing for DMA unmap (bnc#889061,\n LTC#113725).\n * sched: fix the theoretical signal_wake_up() vs schedule() race\n (bnc#876055).\n * sclp_vt220: Enable integrated ASCII console per default (bnc#885262,\n LTC#112035).\n * scsi_dh: use missing accessor "scsi_device_from_queue" (bnc#889614).\n * scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail (bnc#887608).\n * scsiback: correct grant page unmapping.\n * scsiback: fix retry handling in __report_luns().\n * scsiback: free resources after error.\n * sunrpc/auth: allow lockless (rcu) lookup of credential cache\n (bnc#866130).\n * supported.conf: remove external from drivers/net/veth (bnc#889727)\n * supported.conf: support net/sched/act_police.ko (bnc#890426)\n * tcp: adapt selected parts of RFC 5682 and PRR logic (bnc#879921).\n * tg3: Change nvram command timeout value to 50ms (bnc#855657).\n * tg3: Override clock, link aware and link idle mode during NVRAM dump\n (bnc#855657).\n * tg3: Set the MAC clock to the fastest speed during boot code load\n (bnc#855657).\n * usb: Does not enable LPM if the exit latency is zero (bnc#832309).\n * usbcore: Does not log on consecutive debounce failures of the same\n port (bnc#888105).\n * usbhid: fix PIXART optical mouse (bnc#888607).\n * uswsusp: Disable when module loading is restricted (bnc#884333).\n * vscsi: support larger transfer sizes (bnc#774818).\n * writeback: Do not sync data dirtied after sync start (bnc#833820).\n * x86 thermal: Delete power-limit-notification console messages\n (bnc#882317).\n * x86 thermal: Disable power limit notification interrupt by default\n (bnc#882317).\n * x86 thermal: Re-enable power limit notification interrupt by default\n (bnc#882317).\n * x86, cpu hotplug: Fix stack frame warning in\n check_irq_vectors_for_cpu_disable() (bnc#887418).\n * x86/UV: Add call to KGDB/KDB from NMI handler (bnc#888847).\n * x86/UV: Add kdump to UV NMI handler (bnc#888847).\n * x86/UV: Add summary of cpu activity to UV NMI handler (bnc#888847).\n * x86/UV: Move NMI support (bnc#888847).\n * x86/UV: Update UV support for external NMI signals (bnc#888847).\n * x86/uv/nmi: Fix Sparse warnings (bnc#888847).\n * x86: Add check for number of available vectors before CPU down\n (bnc#887418).\n * x86: Lock down IO port access when module security is enabled\n (bnc#884333).\n * x86: Restrict MSR access when module loading is restricted\n (bnc#884333).\n\n Security Issues:\n\n * CVE-2013-1979\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979</a>>\n * CVE-2014-1739\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739</a>>\n * CVE-2014-2706\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706</a>>\n * CVE-2014-4027\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027</a>>\n * CVE-2014-4171\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171</a>>\n * CVE-2014-4508\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508</a>>\n * CVE-2014-4667\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667</a>>\n * CVE-2014-4943\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943</a>>\n * CVE-2014-5077\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077</a>>\n * CVE-2014-5471\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471</a>>\n * CVE-2014-5472\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472</a>>\n * CVE-2014-3153\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3153</a>>\n * CVE-2014-6410\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6410</a>>\n\n The SUSE Linux Enterprise 11 Service Pack 3 kernel was updated to fix\n various bugs and security issues.\n\n Following security bugs were fixed: CVE-2013-1979: The scm_set_cred\n function in include/net/scm.h in the Linux kernel before 3.8.11 uses\n incorrect uid and gid values during credentials passing, which allows\n local users to gain privileges via a crafted application (bnc#816708).\n\n CVE-2014-1739: The media_device_enum_entities function in\n drivers/media/media-device.c in the Linux kernel before 3.14.6 does not\n initialize a certain data structure, which allows local users to obtain\n sensitive information from kernel memory by leveraging /dev/media0 read\n access for a MEDIA_IOC_ENUM_ENTITIES ioctl call (bnc#882804).\n\n CVE-2014-4171: mm/shmem.c in the Linux kernel through 3.15.1 does not\n properly implement the interaction between range notification and hole\n punching, which allows local users to cause a denial of service (i_mutex\n hold) by using the mmap system call to access a hole, as demonstrated by\n interfering with intended shmem activity by blocking completion of (1) an\n MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call\n (bnc#883518).\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel through\n 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the\n sep CPU feature flag is set, allows local users to cause a denial of\n service (OOPS and system crash) via an invalid syscall number, as\n demonstrated by number 1000 (bnc#883724).\n\n CVE-2014-4667: The sctp_association_free function in net/sctp/associola.c\n in the Linux kernel before 3.15.2 does not properly manage a certain\n backlog value, which allows remote attackers to cause a denial of service\n (socket outage) via a crafted SCTP packet (bnc#885422).\n\n CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux\n kernel through 3.15.6 allows local users to gain privileges by leveraging\n data-structure differences between an l2tp socket and an inet socket\n (bnc#887082).\n\n CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in\n the Linux kernel through 3.15.8, when SCTP authentication is enabled,\n allows remote attackers to cause a denial of service (NULL pointer\n dereference and OOPS) by starting to establish an association between two\n endpoints immediately after an exchange of INIT and INIT ACK chunks to\n establish an earlier association between these endpoints in the opposite\n direction (bnc#889173).\n\n CVE-2014-5471: Stack consumption vulnerability in the\n parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux\n kernel through 3.16.1 allows local users to cause a denial of service\n (uncontrolled recursion, and system crash or reboot) via a crafted iso9660\n image with a CL entry referring to a directory entry that has a CL entry.\n (bnc#892490)\n\n CVE-2014-5472: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to\n cause a denial of service (unkillable mount process) via a crafted iso9660\n image with a self-referential CL entry. (bnc#892490)\n\n CVE-2014-2706: Race condition in the mac80211 subsystem in the Linux\n kernel before 3.13.7 allows remote attackers to cause a denial of service\n (system crash) via network traffic that improperly interacts with the\n WLAN_STA_PS_STA state (aka power-save mode), related to sta_info.c and\n tx.c. (bnc#871797)\n\n CVE-2014-4027: The rd_build_device_space function in\n drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not\n properly initialize a certain data structure, which allows local users to\n obtain sensitive information from ramdisk_mcp memory by leveraging access\n to a SCSI initiator. (bnc#882639)\n\n The following non-security bugs were fixed: - ACPI / PAD: call schedule()\n when need_resched() is true (bnc#866911). - ACPI: Fix bug when ACPI reset\n register is implemented in system memory (bnc#882900). - ACPI: Limit\n access to custom_method (bnc#884333). - Add option to automatically\n enforce module signatures when in Secure Boot mode (bnc#884333). - Add\n secure_modules() call (bnc#884333). - Add wait_on_atomic_t() and\n wake_up_atomic_t() (bnc#880344). - Backported new patches of Lock down\n functions for UEFI secure boot Also updated series.conf and removed old\n patches. - Btrfs: Return EXDEV for cross file system snapshot. - Btrfs:\n abort the transaction when we does not find our extent ref. - Btrfs: avoid\n warning bomb of btrfs_invalidate_inodes. - Btrfs: cancel scrub on\n transaction abortion. - Btrfs: correctly set profile flags on seqlock\n retry. - Btrfs: does not check nodes for extent items. - Btrfs: fix a\n possible deadlock between scrub and transaction committing. - Btrfs: fix\n corruption after write/fsync failure + fsync + log recovery (bnc#894200).\n - Btrfs: fix csum tree corruption, duplicate and outdated checksums\n (bnc#891619). - Btrfs: fix double free in find_lock_delalloc_range. -\n Btrfs: fix possible memory leak in btrfs_create_tree(). - Btrfs: fix use\n of uninit "ret" in end_extent_writepage(). - Btrfs: free delayed node\n outside of root->inode_lock (bnc#866864). - Btrfs: make DEV_INFO ioctl\n available to anyone. - Btrfs: make FS_INFO ioctl available to anyone. -\n Btrfs: make device scan less noisy. - Btrfs: make sure there are not any\n read requests before stopping workers. - Btrfs: more efficient io tree\n navigation on wait_extent_bit. - Btrfs: output warning instead of error\n when loading free space cache failed. - Btrfs: retrieve more info from\n FS_INFO ioctl. - Btrfs: return EPERM when deleting a default subvolume\n (bnc#869934). - Btrfs: unset DCACHE_DISCONNECTED when mounting default\n subvol (bnc#866615).\n - Btrfs: use right type to get real comparison. - Btrfs: wake up\n @scrub_pause_wait as much as we can. - Btrfs: wake up transaction thread\n upon remount. - CacheFiles: Add missing retrieval completions\n (bnc#880344).\n - CacheFiles: Does not try to dump the index key if the cookie has been\n cleared (bnc#880344). - CacheFiles: Downgrade the requirements passed to\n the allocator (bnc#880344). - CacheFiles: Fix the marking of cached\n pages (bnc#880344). - CacheFiles: Implement invalidation (bnc#880344). -\n CacheFiles: Make some debugging statements conditional (bnc#880344). -\n Drivers: hv: util: Fix a bug in the KVP code (bnc#886840). - Drivers:\n hv: vmbus: Fix a bug in the channel callback dispatch code (bnc#886840).\n - FS-Cache: Add transition to handle invalidate immediately after lookup\n (bnc#880344). - FS-Cache: Check that there are no read ops when cookie\n relinquished (bnc#880344). - FS-Cache: Clear remaining page count on\n retrieval cancellation (bnc#880344). - FS-Cache: Convert the object\n event ID #defines into an enum (bnc#880344). - FS-Cache: Does not sleep\n in page release if __GFP_FS is not set (bnc#880344). - FS-Cache: Does\n not use spin_is_locked() in assertions (bnc#880344). - FS-Cache:\n Exclusive op submission can BUG if there is been an I/O error\n (bnc#880344). - FS-Cache: Fix __wait_on_atomic_t() to call the action\n func if the counter != 0 (bnc#880344). - FS-Cache: Fix object state\n machine to have separate work and wait states (bnc#880344). - FS-Cache:\n Fix operation state management and accounting (bnc#880344). - FS-Cache:\n Fix signal handling during waits (bnc#880344). - FS-Cache: Initialise\n the object event mask with the calculated mask (bnc#880344). - FS-Cache:\n Limit the number of I/O error reports for a cache (bnc#880344). -\n FS-Cache: Make cookie relinquishment wait for outstanding reads\n (bnc#880344). - FS-Cache: Mark cancellation of in-progress operation\n (bnc#880344). - FS-Cache: One of the write operation paths doeses not\n set the object state (bnc#880344). - FS-Cache: Provide proper\n invalidation (bnc#880344). - FS-Cache: Simplify cookie retention for\n fscache_objects, fixing oops (bnc#880344). - FS-Cache: The retrieval\n remaining-pages counter needs to be atomic_t (bnc#880344). - FS-Cache:\n Uninline fscache_object_init() (bnc#880344). - FS-Cache: Wrap checks on\n object state (bnc#880344). - HID: usbhid: add always-poll quirk\n (bnc#888607). - HID: usbhid: enable always-poll quirk for Elan\n Touchscreen (bnc#888607). - IB/iser: Add TIMEWAIT_EXIT event handling\n (bnc#890297). - Ignore "flags" change to event_constraint (bnc#876114). -\n Ignore data_src/weight changes to perf_sample_data (bnc#876114). - NFS:\n Allow more\n operations in an NFSv4.1 request (bnc#890513). - NFS: Clean up helper\n function nfs4_select_rw_stateid() (bnc#888968). - NFS: Does not copy read\n delegation stateids in setattr (bnc#888968). - NFS: Does not use a\n delegation to open a file when returning that delegation (bnc#888968,\n bnc#892200, bnc#893596, bnc#893496) - NFS: Fixes for NFS RCU-walk support\n in line with code going upstream - NFS: Use FS-Cache invalidation\n (bnc#880344). - NFS: allow lockless access to access_cache (bnc#866130).\n - NFS: avoid mountpoint being displayed as " (deleted)" in /proc/mounts\n (bnc#888591). - NFS: nfs4_do_open should add negative results to the\n dcache (bnc#866130). - NFS: nfs_migrate_page() does not wait for FS-Cache\n to finish with a page (bnc#880344). - NFS: nfs_open_revalidate: only\n evaluate parent if it will be used (bnc#866130). - NFS: prepare for\n RCU-walk support but pushing tests later in code (bnc#866130). - NFS:\n support RCU_WALK in nfs_permission() (bnc#866130). - NFS: teach\n nfs_lookup_verify_inode to handle LOOKUP_RCU (bnc#866130). - NFS: teach\n nfs_neg_need_reval to understand LOOKUP_RCU (bnc#866130). - NFSD: Does\n not hand out delegations for 30 seconds after recalling them\n (bnc#880370). - NFSv4 set open access\n operation call flag in nfs4_init_opendata_res (bnc#888968, bnc#892200,\n bnc#893596, bnc#893496). - NFSv4: Add a helper for encoding opaque data\n (bnc#888968). - NFSv4: Add a helper for encoding stateids (bnc#888968). -\n NFSv4: Add helpers for basic copying of stateids (bnc#888968). - NFSv4:\n Clean up nfs4_select_rw_stateid() (bnc#888968). - NFSv4: Fix the return\n value of nfs4_select_rw_stateid (bnc#888968). - NFSv4: Rename\n nfs4_copy_stateid() (bnc#888968). - NFSv4: Resend the READ/WRITE RPC call\n if a stateid change causes an error (bnc#888968). - NFSv4: Simplify the\n struct nfs4_stateid (bnc#888968). - NFSv4: The stateid must remain the\n same for replayed RPC calls (bnc#888968). - NFSv4:\n nfs4_stateid_is_current should return "true" for an invalid stateid\n (bnc#888968). - One more fix for kABI breakage. - PCI: Lock down BAR\n access when module security is enabled (bnc#884333). - PCI: enable MPS\n "performance" setting to properly handle bridge MPS (bnc#883376). - PM /\n Hibernate: Add memory_rtree_find_bit function (bnc#860441). - PM /\n Hibernate: Create a Radix-Tree to store memory bitmap (bnc#860441). - PM\n / Hibernate: Implement position keeping in radix tree (bnc#860441). - PM\n / Hibernate: Iterate over set bits instead of PFNs in swsusp_free()\n (bnc#860441). - PM / Hibernate: Remove the old memory-bitmap\n implementation (bnc#860441). - PM / Hibernate: Touch Soft Lockup Watchdog\n in rtree_next_node (bnc#860441). - Restrict /dev/mem and /dev/kmem when\n module loading is restricted (bnc#884333). - Reuse existing "state" field\n to indicate PERF_X86_EVENT_PEBS_LDLAT (bnc#876114). - USB: handle LPM\n errors during device suspend correctly (bnc#849123). - Update kabi files\n to reflect fscache change (bnc#880344) - VFS: Make more complete truncate\n operation available to CacheFiles (bnc#880344). - [FEAT NET1222]\n ib_uverbs: Allow explicit mmio trigger (FATE#83366, ltc#83367). - acpi:\n Ignore acpi_rsdp kernel parameter when module loading is restricted\n (bnc#884333). - af_iucv: correct cleanup if listen backlog is full\n (bnc#885262, LTC#111728). - asus-wmi: Restrict debugfs interface when\n module loading is restricted (bnc#884333). - autofs4: allow RCU-walk to\n walk through autofs4 (bnc#866130). - autofs4: avoid taking fs_lock during\n rcu-walk (bnc#866130). - autofs4: does not take spinlock when not needed\n in autofs4_lookup_expiring (bnc#866130). - autofs4: factor\n should_expire() out\n of autofs4_expire_indirect (bnc#866130). - autofs4: make\n "autofs4_can_expire" idempotent (bnc#866130). - autofs4: remove a\n redundant assignment (bnc#866130). - autofs: fix lockref lookup\n (bnc#888591). - be2net: add dma_mapping_error() check for dma_map_page()\n (bnc#881759). - block: add cond_resched() to potentially long running\n ioctl discard loop (bnc#884725). - block: fix race between request\n completion and timeout handling (bnc#881051). - cdc-ether: clean packet\n filter upon probe (bnc#876017). - cpuset: Fix memory allocator deadlock\n (bnc#876590). - crypto: Allow CRYPTO_FIPS without MODULE_SIGNATURES. Not\n all archs have them, but some are FIPS certified, with some kernel\n support. - crypto: fips\n - only panic on bad/missing crypto mod signatures (bnc#887503). - crypto:\n testmgr - allow aesni-intel and ghash_clmulni-intel in fips mode\n (bnc#889451). - dasd: validate request size before building CCW/TCW\n (bnc#891087, LTC#114068). - dm mpath: fix race condition between\n multipath_dtr and pg_init_done (bnc#826486). - dm-mpath: fix panic on\n deleting sg device (bnc#870161). - drm/ast: Add missing entry to\n dclk_table[]. - drm/ast: Add reduced non reduced mode parsing for wide\n screen mode (bnc#892723). - drm/i915: Only apply DPMS to the encoder if\n enabled (bnc#893064). - drm/i915: clear the FPGA_DBG_RM_NOCLAIM bit at\n driver init (bnc#869055). - drm/i915: create functions for the\n "unclaimed register" checks (bnc#869055). - drm/i915: use FPGA_DBG for\n the "unclaimed register" checks (bnc#869055). - drm/mgag200: Initialize\n data needed to map fbdev memory (bnc #806990). - e1000e: enable support\n for new device IDs (bnc#885509). - fs/fscache: remove spin_lock() from\n the condition in while() (bnc#880344). - hibernate: Disable in a signed\n modules environment (bnc#884333). - hugetlb: does not use ERR_PTR with\n VM_FAULT* values - ibmvscsi: Abort init sequence during error recovery\n (bnc#885382). - ibmvscsi: Add memory barriers for send / receive\n (bnc#885382). - inet: add a redirect generation id in inetpeer\n (bnc#860593). - inetpeer: initialize\n ->redirect_genid in inet_getpeer() (bnc#860593). - ipv6: tcp: fix\n tcp_v6_conn_request() (bnc#887645). - kabi: hide bnc#860593 changes of\n struct inetpeer_addr_base (bnc#860593). - kernel: 3215 tty hang\n (bnc#891087, LTC#114562). - kernel: fix data corruption when reading\n /proc/sysinfo (bnc#891087, LTC#114480). - kernel: fix kernel oops with\n load\n of fpc register (bnc#889061, LTC#113596). - kernel: sclp console tty\n reference counting (bnc#891087, LTC#115466). - kexec: Disable at runtime\n if the kernel enforces module loading restrictions (bnc#884333). -\n md/raid6: avoid data corruption during recovery of double-degraded RAID6.\n - memcg, vmscan: Fix forced scan of anonymous pages (memory reclaim fix).\n - mm, hugetlb: add VM_NORESERVE check in vma_has_reserves() - mm,\n hugetlb: change variable name reservations to resv - mm, hugetlb:\n decrement reserve count if VM_NORESERVE alloc page cache - mm, hugetlb:\n defer freeing pages when gathering surplus pages - mm, hugetlb: do not\n use a page in page cache for cow optimization - mm, hugetlb: fix and\n clean-up node iteration code to alloc or free - mm, hugetlb: fix race in\n region tracking - mm, hugetlb: fix subpool accounting handling - mm,\n hugetlb: improve page-fault scalability - mm, hugetlb: improve, cleanup\n resv_map parameters - mm, hugetlb: move up the code which check\n availability of free huge page - mm, hugetlb: protect reserved pages when\n soft offlining a hugepage - mm, hugetlb: remove\n decrement_hugepage_resv_vma() - mm, hugetlb: remove redundant list_empty\n check in gather_surplus_pages() - mm, hugetlb: remove resv_map_put - mm,\n hugetlb: remove useless check about mapping type - mm, hugetlb: return a\n reserved page to a reserved pool if failed - mm, hugetlb: trivial\n commenting fix - mm, hugetlb: unify region structure handling - mm,\n hugetlb: unify region structure handling kabi - mm, hugetlb: use long\n vars instead of int in region_count() (Hugetlb Fault Scalability). - mm,\n hugetlb: use vma_resv_map() map types - mm, oom: fix badness score\n underflow (bnc#884582, bnc#884767). - mm, oom: normalize oom scores to\n oom_score_adj scale only for userspace (bnc#884582, bnc#884767). - mm,\n thp: do not allow thp faults to avoid cpuset restrictions (bnc#888849). -\n net/mlx4_core: Load higher level modules according to ports type\n (bnc#887680). - net/mlx4_core: Load the IB driver when the device\n supports IBoE (bnc#887680). - net/mlx4_en: Fix a race between napi poll\n function and RX ring cleanup (bnc#863586). - net/mlx4_en: Fix selftest\n failing on non 10G link speed (bnc#888058). - net: fix checksumming\n features handling in\n output path (bnc#891259). - perf/core: Add weighted samples (bnc#876114).\n - perf/x86: Add flags to event constraints (bnc#876114). - perf/x86: Add\n memory profiling via PEBS Load Latency (bnc#876114). - perf: Add generic\n memory sampling interface (bnc#876114). - qla2xxx: Avoid escalating the\n SCSI error handler if the command is not found in firmware (bnc#859840).\n - qla2xxx: Clear loop_id for ports that are marked lost during fabric\n scanning (bnc#859840). - qla2xxx: Does not check for firmware hung during\n the reset context for ISP82XX (bnc#859840). - qla2xxx: Issue abort\n command for outstanding commands during cleanup when only firmware is\n alive (bnc#859840). - qla2xxx: Reduce the time we wait for a command to\n complete during SCSI error handling (bnc#859840). - qla2xxx: Set host\n can_queue value based on available resources (bnc#859840). - restore\n smp_mb() in unlock_new_inode() (bnc#890526). - s390/pci: introduce lazy\n IOTLB flushing for DMA unmap (bnc#889061, LTC#113725). - sched: fix the\n theoretical signal_wake_up() vs schedule() race (bnc#876055). -\n sclp_vt220: Enable integrated ASCII console per default (bnc#885262,\n LTC#112035). - scsi_dh: use missing accessor "scsi_device_from_queue"\n (bnc#889614). - scsi_transport_fc: Cap dev_loss_tmo by fast_io_fail\n (bnc#887608). - scsiback: correct grant page unmapping. - scsiback: fix\n retry handling in __report_luns(). - scsiback: free resources after\n error. - sunrpc/auth: allow lockless (rcu) lookup of credential cache\n (bnc#866130). - supported.conf: remove external from drivers/net/veth\n (bnc#889727) - supported.conf: support net/sched/act_police.ko\n (bnc#890426) - tcp: adapt selected parts of RFC 5682 and PRR logic\n (bnc#879921). - tg3: Change nvram command timeout value to 50ms\n (bnc#855657). - tg3: Override clock, link aware and link idle mode during\n NVRAM dump (bnc#855657). - tg3: Set the MAC clock to the fastest speed\n during boot code load (bnc#855657). - usb: Does not enable LPM if the\n exit latency is zero (bnc#832309). - usbcore: Does not log on consecutive\n debounce failures of the same port (bnc#888105). - usbhid: fix PIXART\n optical mouse (bnc#888607). - uswsusp: Disable when module loading is\n restricted (bnc#884333). - vscsi: support larger transfer sizes\n (bnc#774818). - x86 thermal: Delete power-limit-notification console\n messages (bnc#882317). - x86 thermal: Disable power limit notification\n interrupt by default (bnc#882317). - x86 thermal: Re-enable power limit\n notification interrupt by default (bnc#882317). - x86/UV: Add call to\n KGDB/KDB from NMI handler (bnc#888847). - x86/UV: Add kdump to UV NMI\n handler (bnc#888847). - x86/UV: Add summary of cpu activity to UV NMI\n handler (bnc#888847). - x86/UV: Move NMI support (bnc#888847). - x86/UV:\n Update UV support for external NMI signals (bnc#888847). - x86/uv/nmi:\n Fix Sparse warnings (bnc#888847). - x86: Lock down IO port access when\n module security is enabled (bnc#884333). - x86: Restrict MSR access when\n module loading is restricted (bnc#884333).\n\n Security Issues:\n\n * CVE-2013-1979\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1979</a>>\n * CVE-2014-1739\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1739</a>>\n * CVE-2014-2706\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2706</a>>\n * CVE-2014-4027\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027</a>>\n * CVE-2014-4171\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4171</a>>\n * CVE-2014-4508\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508</a>>\n * CVE-2014-4667\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667</a>>\n * CVE-2014-4943\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943</a>>\n * CVE-2014-5077\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077</a>>\n * CVE-2014-5471\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471</a>>\n * CVE-2014-5472\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472</a>>\n", "published": "2014-10-22T21:04:47", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00006.html", "cvelist": ["CVE-2014-5077", "CVE-2014-1739", "CVE-2014-4508", "CVE-2014-4943", "CVE-2014-4171", "CVE-2014-5472", "CVE-2014-4027", "CVE-2013-1979", "CVE-2014-3153", "CVE-2014-6410", "CVE-2014-5471", "CVE-2014-4667", "CVE-2014-2706"], "lastseen": "2016-09-04T11:26:04"}, {"id": "SUSE-SU-2014:1138-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The SUSE Linux Enterprise Server 11 SP1 LTSS received a roll up update to\n fix several security and non-security issues.\n\n The following security issues have been fixed:\n\n * CVE-2013-1860: Heap-based buffer overflow in the wdm_in_callback\n function in drivers/usb/class/cdc-wdm.c in the Linux kernel before\n 3.8.4 allows physically proximate attackers to cause a denial of\n service (system crash) or possibly execute arbitrary code via a\n crafted cdc-wdm USB device. (bnc#806431)\n * CVE-2013-4162: The udp_v6_push_pending_frames function in\n net/ipv6/udp.c in the IPv6 implementation in the Linux kernel\n through 3.10.3 makes an incorrect function call for pending data,\n which allows local users to cause a denial of service (BUG and\n system crash) via a crafted application that uses the UDP_CORK\n option in a setsockopt system call. (bnc#831058)\n * CVE-2014-0203: The __do_follow_link function in fs/namei.c in the\n Linux kernel before 2.6.33 does not properly handle the last\n pathname component during use of certain filesystems, which allows\n local users to cause a denial of service (incorrect free operations\n and system crash) via an open system call. (bnc#883526)\n * CVE-2014-3144: The (1) BPF_S_ANC_NLATTR and (2)\n BPF_S_ANC_NLATTR_NEST extension implementations in the sk_run_filter\n function in net/core/filter.c in the Linux kernel through 3.14.3 do\n not check whether a certain length value is sufficiently large,\n which allows local users to cause a denial of service (integer\n underflow and system crash) via crafted BPF instructions. NOTE: the\n affected code was moved to the __skb_get_nlattr and\n __skb_get_nlattr_nest functions before the vulnerability was\n announced. (bnc#877257)\n * CVE-2014-3145: The BPF_S_ANC_NLATTR_NEST extension implementation in\n the sk_run_filter function in net/core/filter.c in the Linux kernel\n through 3.14.3 uses the reverse order in a certain subtraction,\n which allows local users to cause a denial of service (over-read and\n system crash) via crafted BPF instructions. NOTE: the affected code\n was moved to the __skb_get_nlattr_nest function before the\n vulnerability was announced. (bnc#877257)\n * CVE-2014-3917: kernel/auditsc.c in the Linux kernel through 3.14.5,\n when CONFIG_AUDITSYSCALL is enabled with certain syscall rules,\n allows local users to obtain potentially sensitive single-bit values\n from kernel memory or cause a denial of service (OOPS) via a large\n value of a syscall number. (bnc#880484)\n * CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel\n through 3.15.1 on 32-bit x86 platforms, when syscall auditing is\n enabled and the sep CPU feature flag is set, allows local users to\n cause a denial\n of service (OOPS and system crash) via an invalid syscall number, as\n demonstrated by number 1000. (bnc#883724)\n * CVE-2014-4652: Race condition in the tlv handler functionality in\n the snd_ctl_elem_user_tlv function in sound/core/control.c in the\n ALSA control implementation in the Linux kernel before 3.15.2 allows\n local users to obtain sensitive information from kernel memory by\n leveraging /dev/snd/controlCX access. (bnc#883795)\n * CVE-2014-4653: sound/core/control.c in the ALSA control\n implementation in the Linux kernel before 3.15.2 does not ensure\n possession of a read/write lock, which allows local users to cause a\n denial of service (use-after-free) and obtain sensitive information\n from kernel memory by leveraging /dev/snd/controlCX access.\n (bnc#883795)\n * CVE-2014-4654: The snd_ctl_elem_add function in sound/core/control.c\n in the ALSA control implementation in the Linux kernel before 3.15.2\n does not check authorization for SNDRV_CTL_IOCTL_ELEM_REPLACE\n commands, which allows local users to remove kernel controls and\n cause a denial of service (use-after-free and system crash) by\n leveraging /dev/snd/controlCX access for an ioctl call. (bnc#883795)\n * CVE-2014-4655: The snd_ctl_elem_add function in sound/core/control.c\n in the ALSA control implementation in the Linux kernel before 3.15.2\n does not properly maintain the user_ctl_count value, which allows\n local users to cause a denial of service (integer overflow and limit\n bypass) by leveraging /dev/snd/controlCX access for a large number\n of SNDRV_CTL_IOCTL_ELEM_REPLACE ioctl calls. (bnc#883795)\n * CVE-2014-4656: Multiple integer overflows in sound/core/control.c in\n the ALSA control implementation in the Linux kernel before 3.15.2\n allow local users to cause a denial of service by leveraging\n /dev/snd/controlCX access, related to (1) index values in the\n snd_ctl_add function and (2) numid values in the\n snd_ctl_remove_numid_conflict function. (bnc#883795)\n * CVE-2014-4667: The sctp_association_free function in\n net/sctp/associola.c in the Linux kernel before 3.15.2 does not\n properly manage a certain backlog value, which allows remote\n attackers to cause a denial of service (socket outage) via a crafted\n SCTP packet. (bnc#885422)\n * CVE-2014-4699: The Linux kernel before 3.15.4 on Intel processors\n does not properly restrict use of a non-canonical value for the\n saved RIP address in the case of a system call that does not use\n IRET, which allows local users to leverage a race condition and gain\n privileges, or cause a denial of service (double fault), via a\n crafted application that makes ptrace and fork system calls.\n (bnc#885725)\n * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the\n Linux kernel through 3.15.6 allows local users to gain privileges by\n leveraging data-structure differences between an l2tp socket and an\n inet socket. (bnc#887082)\n * CVE-2014-5077: The sctp_assoc_update function in\n net/sctp/associola.c in the Linux kernel through 3.15.8, when SCTP\n authentication is enabled, allows remote attackers to cause a denial\n of service (NULL pointer dereference and OOPS) by starting to\n establish an association between two endpoints immediately after an\n exchange of INIT and INIT ACK chunks to establish an earlier\n association between these endpoints in the opposite direction.\n (bnc#889173)\n * CVE-2013-7266: The mISDN_sock_recvmsg function in\n drivers/isdn/mISDN/socket.c in the Linux kernel before 3.12.4 does\n not ensure that a certain length value is consistent with the size\n of an associated data structure, which allows local users to obtain\n sensitive information from kernel memory via a (1) recvfrom, (2)\n recvmmsg, or (3) recvmsg system call. (bnc#854722)\n * CVE-2013-7267: The atalk_recvmsg function in net/appletalk/ddp.c in\n the Linux kernel before 3.12.4 updates a certain length value\n without ensuring that an associated data structure has been\n initialized, which allows local users to obtain sensitive\n information from kernel memory via a (1) recvfrom, (2) recvmmsg, or\n (3) recvmsg system call. (bnc#854722)\n * CVE-2013-7268: The ipx_recvmsg function in net/ipx/af_ipx.c in the\n Linux kernel before 3.12.4 updates a certain length value without\n ensuring that an associated data structure has been initialized,\n which allows local users to obtain sensitive information from kernel\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#854722)\n * CVE-2013-7269: The nr_recvmsg function in net/netrom/af_netrom.c in\n the Linux kernel before 3.12.4 updates a certain length value\n without ensuring that an associated data structure has been\n initialized, which allows local users to obtain sensitive\n information from kernel memory via a (1) recvfrom, (2) recvmmsg, or\n (3) recvmsg system call. (bnc#854722)\n * CVE-2013-7270: The packet_recvmsg function in net/packet/af_packet.c\n in the Linux kernel before 3.12.4 updates a certain length value\n before ensuring that an associated data structure has been\n initialized, which allows local users to obtain sensitive\n information from kernel memory via a (1) recvfrom, (2) recvmmsg, or\n (3) recvmsg system call. (bnc#854722)\n * CVE-2013-7271: The x25_recvmsg function in net/x25/af_x25.c in the\n Linux kernel before 3.12.4 updates a certain length value without\n ensuring that an associated data structure has been initialized,\n which allows local users to obtain sensitive information from kernel\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call.\n (bnc#854722)\n\n The following bugs have been fixed:\n\n * mac80211: Fix AP powersave TX vs. wakeup race (bnc#871797).\n * tcp: Allow to disable cwnd moderation in TCP_CA_Loss state\n (bnc#879921).\n * tcp: Adapt selected parts of RFC 5682 and PRR logic (bnc#879921).\n * flock: Fix allocation and BKL (bnc#882809).\n * sunrpc: Close a rare race in xs_tcp_setup_socket (bnc#794824,\n bnc#884530).\n * isofs: Fix unbounded recursion when processing relocated directories\n (bnc#892490).\n * bonding: Fix a race condition on cleanup in\n bond_send_unsolicited_na() (bnc#856756).\n * block: Fix race between request completion and timeout handling\n (bnc#881051).\n * Fix kABI breakage due to addition of user_ctl_lock (bnc#883795).\n\n Security Issues:\n\n * CVE-2013-1860\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1860\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1860</a>>\n * CVE-2013-4162\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4162</a>>\n * CVE-2013-7266\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7266\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7266</a>>\n * CVE-2013-7267\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7267\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7267</a>>\n * CVE-2013-7268\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7268\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7268</a>>\n * CVE-2013-7269\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7269\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7269</a>>\n * CVE-2013-7270\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7270\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7270</a>>\n * CVE-2013-7271\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7271\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7271</a>>\n * CVE-2014-0203\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0203\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0203</a>>\n * CVE-2014-3144\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3144</a>>\n * CVE-2014-3145\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3145</a>>\n * CVE-2014-3917\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3917</a>>\n * CVE-2014-4508\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4508</a>>\n * CVE-2014-4652\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652</a>>\n * CVE-2014-4653\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653</a>>\n * CVE-2014-4654\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654</a>>\n * CVE-2014-4655\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655</a>>\n * CVE-2014-4656\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656</a>>\n * CVE-2014-4667\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667</a>>\n * CVE-2014-4699\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699</a>>\n * CVE-2014-4943\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943</a>>\n * CVE-2014-5077\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5077</a>>\n", "published": "2014-09-16T19:04:20", "cvss": {"score": 6.9, "vector": "AV:LOCAL/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00023.html", "cvelist": ["CVE-2014-5077", "CVE-2013-7270", "CVE-2014-4699", "CVE-2014-4655", "CVE-2013-1860", "CVE-2014-4508", "CVE-2014-4943", "CVE-2013-7267", "CVE-2013-4162", "CVE-2014-4653", "CVE-2013-7266", "CVE-2014-3145", "CVE-2014-3917", "CVE-2014-4654", "CVE-2014-3144", "CVE-2014-4656", "CVE-2013-7269", "CVE-2014-4652", "CVE-2013-7271", "CVE-2013-7268", "CVE-2014-4667", "CVE-2014-0203"], "lastseen": "2016-09-04T12:09:50"}, {"id": "OPENSUSE-SU-2014:1677-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The openSUSE 13.1 kernel was updated to fix security issues and bugs:\n\n Security issues fixed: CVE-2014-9322: A local privilege escalation in the\n x86_64 32bit compatibility signal handling was fixed, which could be used\n by local attackers to crash the machine or execute code.\n\n CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in\n the Linux kernel did not properly handle faults associated with the Stack\n Segment (SS) segment register, which allowed local users to cause a denial\n of service (panic) via a modify_ldt system call, as demonstrated by\n sigreturn_32 in the linux-clock-tests test suite.\n\n CVE-2014-8133: Insufficient validation of TLS register usage could leak\n information from the kernel stack to userspace.\n\n CVE-2014-0181: The Netlink implementation in the Linux kernel through\n 3.14.1 did not provide a mechanism for authorizing socket operations based\n on the opener of a socket, which allowed local users to bypass intended\n access restrictions and modify network configurations by using a Netlink\n socket for the (1) stdout or (2) stderr of a setuid program. (bsc#875051)\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit\n x86 platforms, when syscall auditing is enabled and the sep CPU feature\n flag is set, allowed local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as demonstrated by number\n 1000.\n\n CVE-2014-3688: The SCTP implementation in the Linux kernel allowed remote\n attackers to cause a denial of service (memory consumption) by triggering\n a large number of chunks in an association's output queue, as demonstrated\n by ASCONF probes, related to net/sctp/inqueue.c and\n net/sctp/sm_statefuns.c.\n\n CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n allowed remote attackers to cause a denial of service (panic) via\n duplicate ASCONF chunks that trigger an incorrect uncork within the\n side-effect interpreter.\n\n CVE-2014-7975: The do_umount function in fs/namespace.c in the Linux\n kernel did not require the CAP_SYS_ADMIN capability for do_remount_sb\n calls that change the root filesystem to read-only, which allowed local\n users to cause a denial of service (loss of writability) by making certain\n unshare system calls, clearing the / MNT_LOCKED flag, and making an\n MNT_FORCE umount system call.\n\n CVE-2014-8884: Stack-based buffer overflow in the\n ttusbdecfe_dvbs_diseqc_send_master_cmd function in\n drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel allowed local\n users to cause a denial of service (system crash) or possibly gain\n privileges via a large message length in an ioctl call.\n\n CVE-2014-3673: The SCTP implementation in the Linux kernel allowed remote\n attackers to cause a denial of service (system crash) via a malformed\n ASCONF chunk, related to net/sctp/sm_make_chunk.c and\n net/sctp/sm_statefuns.c.\n\n CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in\n devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the\n Linux kernel, as used in Android on Nexus 7 devices, allowed physically\n proximate attackers to cause a denial of service (system crash) or\n possibly execute arbitrary code via a crafted device that sends a large\n report.\n\n CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c\n in the SCTP implementation in the Linux kernel, when ASCONF is used,\n allowed remote attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a malformed INIT chunk.\n\n CVE-2014-4611: Integer overflow in the LZ4 algorithm implementation, as\n used in Yann Collet LZ4 before r118 and in the lz4_uncompress function in\n lib/lz4/lz4_decompress.c in the Linux kernel before 3.15.2, on 32-bit\n platforms might allow context-dependent attackers to cause a denial of\n service (memory corruption) or possibly have unspecified other impact via\n a crafted Literal Run that would be improperly handled by programs not\n complying with an API limitation, a different vulnerability than\n CVE-2014-4715.\n\n CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe\n function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the\n Linux kernel allowed context-dependent attackers to cause a denial\n of service (memory corruption) via a crafted Literal Run.\n\n CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the\n Linux kernel did not properly maintain a certain tail pointer, which\n allowed remote attackers to obtain sensitive cleartext information by\n reading packets.\n\n CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback\n function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial\n Driver in the Linux kernel allowed physically proximate attackers to\n execute arbitrary code or cause a denial of service (memory corruption and\n system crash) via a crafted device that provides a large amount of (1)\n EHCI or (2) XHCI data associated with a bulk response.\n\n CVE-2014-3184: The report_fixup functions in the HID subsystem in the\n Linux kernel might have allowed physically proximate attackers to cause a\n denial of service (out-of-bounds write) via a crafted device that provides\n a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2)\n drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4)\n drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6)\n drivers/hid/hid-sunplus.c.\n\n CVE-2014-3182: Array index error in the logi_dj_raw_event function in\n drivers/hid/hid-logitech-dj.c in the Linux kernel allowed physically\n proximate attackers to execute arbitrary code or cause a denial of service\n (invalid kfree) via a crafted device that provides a malformed\n REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.\n\n CVE-2014-3181: Multiple stack-based buffer overflows in the\n magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic\n Mouse HID driver in the Linux kernel allowed physically proximate\n attackers to cause a denial of service (system crash) or possibly execute\n arbitrary code via a crafted device that provides a large amount of (1)\n EHCI or (2) XHCI data associated with an event.\n\n CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not\n properly handle private syscall numbers during use of the ftrace\n subsystem, which allowed local users to gain privileges or cause a denial\n of service (invalid pointer dereference) via a crafted application.\n\n CVE-2013-7263: The Linux kernel updated certain length values before\n ensuring that associated data structures have been initialized, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call,\n related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,\n net/ipv6/raw.c, and net/ipv6/udp.c. This update fixes the leak of the port\n number when using ipv6 sockets. (bsc#853040).\n\n CVE-2013-2898: Fixed potential kernel caller confusion via\n past-end-of-heap-allocation read in sensor-hub HID driver.\n\n CVE-2013-2891: Fixed 16 byte past-end-of-heap-alloc zeroing in steelseries\n HID driver.\n\n VE-2014-6410: The __udf_read_inode function in fs/udf/inode.c in the Linux\n kernel did not restrict the amount of ICB indirection, which allowed\n physically proximate attackers to cause a denial of service (infinite loop\n or stack consumption) via a UDF filesystem with a crafted inode.\n\n CVE-2014-5471: Stack consumption vulnerability in the\n parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux\n kernel allowed local users to cause a denial of service (uncontrolled\n recursion, and system crash or reboot) via a crafted iso9660 image with a\n CL entry referring to a directory entry that has a CL entry.\n\n CVE-2014-5472: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial\n of service (unkillable mount process) via a crafted iso9660 image with a\n self-referential CL entry.\n\n CVE-2014-0206: Array index error in the aio_read_events_ring function in\n fs/aio.c in the Linux kernel allowed local users to obtain sensitive\n information from kernel memory via a large head value.\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit\n x86 platforms, when syscall auditing is enabled and the sep CPU feature\n flag is set, allowed local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as demonstrated by number\n 1000.\n\n CVE-2014-5206: The do_remount function in fs/namespace.c in the Linux\n kernel did not maintain the MNT_LOCK_READONLY bit across a remount of a\n bind mount, which allowed local users to bypass an intended read-only\n restriction and defeat certain sandbox protection mechanisms via a "mount\n -o remount" command within a user namespace.\n\n CVE-2014-5207: fs/namespace.c in the Linux kernel did not properly\n restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing\n MNT_ATIME_MASK during a remount of a bind mount, which allowed local users\n to gain privileges, interfere with backups and auditing on systems that\n had atime enabled, or cause a denial of service (excessive filesystem\n updating) on systems that had atime disabled via a "mount -o remount"\n command within a user namespace.\n\n CVE-2014-1739: The media_device_enum_entities function in\n drivers/media/media-device.c in the Linux kernel did not initialize a\n certain data structure, which allowed local users to obtain sensitive\n information from kernel memory by leveraging /dev/media0 read access for a\n MEDIA_IOC_ENUM_ENTITIES ioctl call.\n\n CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux\n kernel allowed local users to gain privileges by leveraging data-structure\n differences between an l2tp socket and an inet socket.\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit\n x86 platforms, when syscall auditing is enabled and the sep CPU feature\n flag is set, allowed local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as demonstrated by number\n 1000.\n\n CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in\n the Linux kernel, when SCTP authentication is enabled, allowed remote\n attackers to cause a denial of service (NULL pointer dereference and OOPS)\n by starting to establish an association between two endpoints immediately\n after an exchange of INIT and INIT ACK chunks to establish an earlier\n association between these endpoints in the opposite direction.\n\n CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement\n the interaction between range notification and hole punching, which\n allowed local users to cause a denial of service (i_mutex hold) by using\n the mmap system call to access a hole, as demonstrated by interfering with\n intended shmem activity by blocking completion of (1) an MADV_REMOVE\n madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.\n\n Also the following bugs were fixed:\n - KEYS: Fix stale key registration at error path (bnc#908163).\n\n - parport: parport_pc, do not remove parent devices early (bnc#856659).\n\n - xfs: fix directory hash ordering bug.\n - xfs: mark all internal workqueues as freezable (bnc#899785).\n\n - [media] uvc: Fix destruction order in uvc_delete() (bnc#897736).\n\n - cfq-iosched: Fix wrong children_weight calculation (bnc#893429).\n\n - target/rd: Refactor rd_build_device_space + rd_release_device_space\n (bnc#882639).\n\n - Btrfs: Fix memory corruption by ulist_add_merge() on 32bit arch\n (bnc#887046).\n\n - usb: pci-quirks: Prevent Sony VAIO t-series from switching usb ports\n (bnc#864375).\n - xhci: Switch only Intel Lynx Point-LP ports to EHCI on shutdown\n (bnc#864375).\n - xhci: Switch Intel Lynx Point ports to EHCI on shutdown (bnc#864375).\n\n - ALSA: hda - Fix broken PM due to incomplete i915 initialization\n (bnc#890114).\n\n - netbk: Don't destroy the netdev until the vif is shut down (bnc#881008).\n - swiotlb: don't assume PA 0 is invalid (bnc#865882).\n\n - PM / sleep: Fix request_firmware() error at resume (bnc#873790).\n\n - usbcore: don't log on consecutive debounce failures of the same port\n (bnc#818966).\n\n", "published": "2014-12-21T13:04:41", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00021.html", "cvelist": ["CVE-2014-5077", "CVE-2014-3182", "CVE-2013-2898", "CVE-2014-3186", "CVE-2014-3673", "CVE-2014-1739", "CVE-2014-9090", "CVE-2014-3688", "CVE-2014-7841", "CVE-2013-2891", "CVE-2014-4508", "CVE-2014-4943", "CVE-2014-9322", "CVE-2014-0206", "CVE-2014-3181", "CVE-2014-8709", "CVE-2014-4171", "CVE-2014-5472", "CVE-2014-7975", "CVE-2014-3185", "CVE-2014-5206", "CVE-2014-4715", "CVE-2014-8884", "CVE-2014-4608", "CVE-2014-4611", "CVE-2013-7263", "CVE-2014-0181", "CVE-2014-5207", "CVE-2014-6410", "CVE-2014-5471", "CVE-2014-8133", "CVE-2014-7826", "CVE-2014-3184", "CVE-2014-3687"], "lastseen": "2016-09-04T11:38:24"}, {"id": "SUSE-SU-2015:0481-1", "type": "suse", "title": "Security update for Linux kernel (important)", "description": "The SUSE Linux Enterprise 11 Service Pack 2 LTSS kernel has been updated\n to fix security issues on kernels on the x86_64 architecture.\n\n The following security bugs have been fixed:\n\n * CVE-2012-4398: The __request_module function in kernel/kmod.c in the\n Linux kernel before 3.4 did not set a certain killable attribute,\n which allowed local users to cause a denial of service (memory\n consumption) via a crafted application (bnc#779488).\n * CVE-2013-2893: The Human Interface Device (HID) subsystem in the\n Linux kernel through 3.11, when CONFIG_LOGITECH_FF,\n CONFIG_LOGIG940_FF, or CONFIG_LOGIWHEELS_FF is enabled, allowed\n physically proximate attackers to cause a denial of service\n (heap-based out-of-bounds write) via a crafted device, related to\n (1) drivers/hid/hid-lgff.c, (2) drivers/hid/hid-lg3ff.c, and (3)\n drivers/hid/hid-lg4ff.c (bnc#835839).\n * CVE-2013-2897: Multiple array index errors in\n drivers/hid/hid-multitouch.c in the Human Interface Device (HID)\n subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_MULTITOUCH is enabled, allowed physically proximate\n attackers to cause a denial of service (heap memory corruption, or\n NULL pointer dereference and OOPS) via a crafted device (bnc#835839).\n * CVE-2013-2899: drivers/hid/hid-picolcd_core.c in the Human Interface\n Device (HID) subsystem in the Linux kernel through 3.11, when\n CONFIG_HID_PICOLCD is enabled, allowed physically proximate\n attackers to cause a denial of service (NULL pointer dereference and\n OOPS) via a crafted device (bnc#835839).\n * CVE-2013-2929: The Linux kernel before 3.12.2 did not properly use\n the get_dumpable function, which allowed local users to bypass\n intended ptrace restrictions or obtain sensitive information from\n IA64 scratch registers via a crafted application, related to\n kernel/ptrace.c and arch/ia64/include/asm/processor.h (bnc#847652).\n * CVE-2013-7263: The Linux kernel before 3.12.4 updates certain length\n values before ensuring that associated data structures have been\n initialized, which allowed local users to obtain sensitive\n information from kernel stack memory via a (1) recvfrom, (2)\n recvmmsg, or (3) recvmsg system call, related to net/ipv4/ping.c,\n net/ipv4/raw.c, net/ipv4/udp.c, net/ipv6/raw.c, and net/ipv6/udp.c\n (bnc#857643).\n * CVE-2014-0131: Use-after-free vulnerability in the skb_segment\n function in net/core/skbuff.c in the Linux kernel through 3.13.6\n allowed attackers to obtain sensitive information from kernel memory\n by leveraging the absence of a certain orphaning operation\n (bnc#867723).\n * CVE-2014-0181: The Netlink implementation in the Linux kernel\n through 3.14.1 did not provide a mechanism for authorizing socket\n operations based on the opener of a socket, which allowed local\n users to bypass intended access restrictions and modify network\n configurations by using a Netlink socket for the (1) stdout or (2)\n stderr of a setuid program (bnc#875051).\n * CVE-2014-2309: The ip6_route_add function in net/ipv6/route.c in the\n Linux kernel through 3.13.6 did not properly count the addition of\n routes, which allowed remote attackers to cause a denial of service\n (memory consumption) via a flood of ICMPv6 Router Advertisement\n packets (bnc#867531).\n * CVE-2014-3181: Multiple stack-based buffer overflows in the\n magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the\n Magic Mouse HID driver in the Linux kernel through 3.16.3 allowed\n physically proximate attackers to cause a denial of service (system\n crash) or possibly execute arbitrary code via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n an event (bnc#896382).\n * CVE-2014-3184: The report_fixup functions in the HID subsystem in\n the Linux kernel before 3.16.2 might have allowed physically\n proximate attackers to cause a denial of service (out-of-bounds\n write) via a crafted device that provides a small report descriptor,\n related to (1) drivers/hid/hid-cherry.c, (2) drivers/hid/hid-kye.c,\n (3) drivers/hid/hid-lg.c, (4) drivers/hid/hid-monterey.c, (5)\n drivers/hid/hid-petalynx.c, and (6) drivers/hid/hid-sunplus.c\n (bnc#896390).\n * CVE-2014-3185: Multiple buffer overflows in the\n command_port_read_callback function in\n drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial Driver in\n the Linux kernel before 3.16.2 allowed physically proximate\n attackers to execute arbitrary code or cause a denial of service\n (memory corruption and system crash) via a crafted device that\n provides a large amount of (1) EHCI or (2) XHCI data associated with\n a bulk response (bnc#896391).\n * CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in\n devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in\n the Linux kernel through 3.16.3, as used in Android on Nexus 7\n devices, allowed physically proximate attackers to cause a denial of\n service (system crash) or possibly execute arbitrary code via a\n crafted device that sends a large report (bnc#896392).\n * CVE-2014-3601: The kvm_iommu_map_pages function in virt/kvm/iommu.c\n in the Linux kernel through 3.16.1 miscalculates the number of pages\n during the handling of a mapping failure, which allowed guest OS\n users to (1) cause a denial of service (host OS memory corruption)\n or possibly have unspecified other impact by triggering a large gfn\n value or (2) cause a denial of service (host OS memory consumption)\n by triggering a small gfn value that leads to permanently pinned\n pages (bnc#892782).\n * CVE-2014-3610: The WRMSR processing functionality in the KVM\n subsystem in the Linux kernel through 3.17.2 did not properly handle\n the writing of a non-canonical address to a model-specific register,\n which allowed guest OS users to cause a denial of service (host OS\n crash) by leveraging guest OS privileges, related to the\n wrmsr_interception function in arch/x86/kvm/svm.c and the\n handle_wrmsr function in arch/x86/kvm/vmx.c (bnc#899192).\n * CVE-2014-3646: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux\n kernel through 3.17.2 did not have an exit handler for the INVVPID\n instruction, which allowed guest OS users to cause a denial of\n service (guest OS crash) via a crafted application (bnc#899192).\n * CVE-2014-3647: arch/x86/kvm/emulate.c in the KVM subsystem in the\n Linux kernel through 3.17.2 did not properly perform RIP changes,\n which allowed guest OS users to cause a denial of service (guest OS\n crash) via a crafted application (bnc#899192).\n * CVE-2014-3673: The SCTP implementation in the Linux kernel through\n 3.17.2 allowed remote attackers to cause a denial of service (system\n crash) via a malformed ASCONF chunk, related to\n net/sctp/sm_make_chunk.c and net/sctp/sm_statefuns.c (bnc#902346).\n * CVE-2014-3687: The sctp_assoc_lookup_asconf_ack function in\n net/sctp/associola.c in the SCTP implementation in the Linux kernel\n through 3.17.2 allowed remote attackers to cause a denial of service\n (panic) via duplicate ASCONF chunks that trigger an incorrect uncork\n within the side-effect interpreter (bnc#902349).\n * CVE-2014-3688: The SCTP implementation in the Linux kernel before\n 3.17.4 allowed remote attackers to cause a denial of service (memory\n consumption) by triggering a large number of chunks in an\n associations output queue, as demonstrated by ASCONF probes, related\n to net/sctp/inqueue.c and net/sctp/sm_statefuns.c (bnc#902351).\n * CVE-2014-3690: arch/x86/kvm/vmx.c in the KVM subsystem in the Linux\n kernel before 3.17.2 on Intel processors did not ensure that the\n value in the CR4 control register remains the same after a VM entry,\n which allowed host OS users to kill arbitrary processes or cause a\n denial of service (system disruption) by leveraging /dev/kvm access,\n as demonstrated by PR_SET_TSC prctl calls within a modified copy of\n QEMU (bnc#902232).\n * CVE-2014-4608: Multiple integer overflows in the\n lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in\n the LZO decompressor in the Linux kernel before 3.15.2 allowed\n context-dependent attackers to cause a denial of service (memory\n corruption) via a crafted Literal Run (bnc#883948).\n * CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the\n Linux kernel through 3.15.6 allowed local users to gain privileges\n by leveraging data-structure differences between an l2tp socket and\n an inet socket (bnc#887082).\n * CVE-2014-5471: Stack consumption vulnerability in the\n parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the\n Linux kernel through 3.16.1 allowed local users to cause a denial of\n service (uncontrolled recursion, and system crash or reboot) via a\n crafted iso9660 image with a CL entry referring to a directory entry\n that has a CL entry (bnc#892490).\n * CVE-2014-5472: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel through 3.16.1 allowed local\n users to cause a denial of service (unkillable mount process) via a\n crafted iso9660 image with a self-referential CL entry (bnc#892490).\n * CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel\n through 3.17.2 did not properly handle private syscall numbers\n during use of the ftrace subsystem, which allowed local users to\n gain privileges or cause a denial of service (invalid pointer\n dereference) via a crafted application (bnc#904013).\n * CVE-2014-7841: The sctp_process_param function in\n net/sctp/sm_make_chunk.c in the SCTP implementation in the Linux\n kernel before 3.17.4, when ASCONF is used, allowed remote attackers\n to cause a denial of service (NULL pointer dereference and system\n crash) via a malformed INIT chunk (bnc#905100).\n * CVE-2014-7842: Race condition in arch/x86/kvm/x86.c in the Linux\n kernel before 3.17.4 allowed guest OS users to cause a denial of\n service (guest OS crash) via a crafted application that performs an\n MMIO transaction or a PIO transaction to trigger a guest userspace\n emulation error report, a similar issue to CVE-2010-5313\n (bnc#905312).\n * CVE-2014-8134: The paravirt_ops_setup function in\n arch/x86/kernel/kvm.c in the Linux kernel through 3.18 uses an\n improper paravirt_enabled setting for KVM guest kernels, which made\n it easier for guest OS users to bypass the ASLR protection mechanism\n via a crafted application that reads a 16-bit value (bnc#909078).\n * CVE-2014-8369: The kvm_iommu_map_pages function in virt/kvm/iommu.c\n in the Linux kernel through 3.17.2 miscalculates the number of pages\n during the handling of a mapping failure, which allowed guest OS\n users to cause a denial of service (host OS page unpinning) or\n possibly have unspecified other impact by leveraging guest OS\n privileges. NOTE: this vulnerability exists because of an incorrect\n fix for CVE-2014-3601 (bnc#902675).\n * CVE-2014-8559: The d_walk function in fs/dcache.c in the Linux\n kernel through 3.17.2 did not properly maintain the semantics of\n rename_lock, which allowed local users to cause a denial of service\n (deadlock and system hang) via a crafted application (bnc#903640).\n * CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c\n in the Linux kernel before 3.13.5 did not properly maintain a\n certain tail pointer, which allowed remote attackers to obtain\n sensitive cleartext information by reading packets (bnc#904700).\n * CVE-2014-9584: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel before 3.18.2 did not validate a\n length value in the Extensions Reference (ER) System Use Field,\n which allowed local users to obtain sensitive information from\n kernel memory via a crafted iso9660 image (bnc#912654).\n * CVE-2014-9585: The vdso_addr function in arch/x86/vdso/vma.c in the\n Linux kernel through 3.18.2 did not properly choose memory locations\n for the vDSO area, which made it easier for local users to bypass\n the ASLR protection mechanism by guessing a location at the end of a\n PMD (bnc#912705).\n\n The following non-security bugs have been fixed:\n\n * Fix HDIO_DRIVE_* ioctl() Linux 3.9 regression (bnc#833588,\n bnc#905799).\n * HID: add usage_index in struct hid_usage (bnc#835839).\n * Revert PM / reboot: call syscore_shutdown() after\n disable_nonboot_cpus() Reduce time to shutdown large machines\n (bnc#865442 bnc#907396).\n * Revert kernel/sys.c: call disable_nonboot_cpus() in kernel_restart()\n Reduce time to shutdown large machines (bnc#865442 bnc#907396).\n * dm-mpath: fix panic on deleting sg device (bnc#870161).\n * futex: Unlock hb->lock in futex_wait_requeue_pi() error path (fix\n bnc#880892).\n * handle more than just WS2008 in heartbeat negotiation (bnc#901885).\n * memcg: do not expose uninitialized mem_cgroup_per_node to world\n (bnc#883096).\n * mm: fix BUG in __split_huge_page_pmd (bnc#906586).\n * pagecachelimit: reduce lru_lock congestion for heavy parallel\n reclaim fix (bnc#895680, bnc#907189).\n * s390/3215: fix hanging console issue (bnc#898693, bnc#897995,\n LTC#115466).\n * s390/cio: improve cio_commit_config (bnc#864049, bnc#898693,\n LTC#104168).\n * scsi_dh_alua: disable ALUA handling for non-disk devices\n (bnc#876633).\n * target/rd: Refactor rd_build_device_space + rd_release_device_space.\n * timekeeping: Avoid possible deadlock from clock_was_set_delayed\n (bnc#771619, bnc#915335).\n * xfs: recheck buffer pinned status after push trylock failure\n (bnc#907338).\n * xfs: remove log force from xfs_buf_trylock() (bnc#907338).\n\n Security Issues:\n\n * CVE-2012-4398\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4398</a>>\n * CVE-2013-2893\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2893</a>>\n * CVE-2013-2897\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2897</a>>\n * CVE-2013-2899\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2899</a>>\n * CVE-2013-2929\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2929</a>>\n * CVE-2013-7263\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7263</a>>\n * CVE-2014-0131\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131</a>>\n * CVE-2014-0181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0181</a>>\n * CVE-2014-2309\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2309</a>>\n * CVE-2014-3181\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3181</a>>\n * CVE-2014-3184\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3184</a>>\n * CVE-2014-3185\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3185</a>>\n * CVE-2014-3186\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3186</a>>\n * CVE-2014-3601\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3601</a>>\n * CVE-2014-3610\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3610</a>>\n * CVE-2014-3646\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3646</a>>\n * CVE-2014-3647\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3647</a>>\n * CVE-2014-3673\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3673</a>>\n * CVE-2014-3687\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3687</a>>\n * CVE-2014-3688\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3688</a>>\n * CVE-2014-3690\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3690</a>>\n * CVE-2014-4608\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608</a>>\n * CVE-2014-4943\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943</a>>\n * CVE-2014-5471\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5471</a>>\n * CVE-2014-5472\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-5472</a>>\n * CVE-2014-7826\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7826</a>>\n * CVE-2014-7841\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7841</a>>\n * CVE-2014-7842\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7842</a>>\n * CVE-2014-8134\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8134</a>>\n * CVE-2014-8369\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8369</a>>\n * CVE-2014-8559\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8559</a>>\n * CVE-2014-8709\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8709</a>>\n * CVE-2014-9584\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9584</a>>\n * CVE-2014-9585\n <<a rel=\"nofollow\" href=\"http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585\">http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9585</a>>\n", "published": "2015-03-11T20:05:42", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00010.html", "cvelist": ["CVE-2014-3646", "CVE-2014-8369", "CVE-2014-0131", "CVE-2010-5313", "CVE-2014-8134", "CVE-2014-3186", "CVE-2014-3673", "CVE-2014-3688", "CVE-2013-2929", "CVE-2014-7841", "CVE-2014-3647", "CVE-2014-3610", "CVE-2014-4943", "CVE-2014-3181", "CVE-2014-8709", "CVE-2014-5472", "CVE-2014-3185", "CVE-2013-2897", "CVE-2014-8559", "CVE-2014-3601", "CVE-2014-2309", "CVE-2013-2899", "CVE-2014-4608", "CVE-2014-9584", "CVE-2013-7263", "CVE-2014-0181", "CVE-2014-3690", "CVE-2012-4398", "CVE-2014-5471", "CVE-2014-7842", "CVE-2014-7826", "CVE-2014-9585", "CVE-2013-2893", "CVE-2014-3184", "CVE-2014-3687"], "lastseen": "2016-09-04T11:50:51"}, {"id": "OPENSUSE-SU-2014:1669-1", "type": "suse", "title": "Security update for the Linux Kernel (important)", "description": "The openSUSE 12.3 kernel was updated to fix security issues:\n\n This will be the final kernel update for openSUSE 13.2 during its\n lifetime, which ends January 4th 2015.\n\n CVE-2014-9322: A local privilege escalation in the x86_64 32bit\n compatibility signal handling was fixed, which could be used by local\n attackers to crash the machine or execute code.\n\n CVE-2014-9090: The do_double_fault function in arch/x86/kernel/traps.c in\n the Linux kernel did not properly handle faults associated with the Stack\n Segment (SS) segment register, which allowed local users to cause a denial\n of service (panic) via a modify_ldt system call, as demonstrated by\n sigreturn_32 in the linux-clock-tests test suite.\n\n CVE-2014-8133: Insufficient validation of TLS register usage could leak\n information from the kernel stack to userspace.\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit\n x86 platforms, when syscall auditing is enabled and the sep CPU feature\n flag is set, allowed local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as demonstrated by number\n 1000.\n\n CVE-2014-8884: Stack-based buffer overflow in the\n ttusbdecfe_dvbs_diseqc_send_master_cmd function in\n drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel allowed local\n users to cause a denial of service (system crash) or possibly gain\n privileges via a large message length in an ioctl call.\n\n CVE-2014-3186: Buffer overflow in the picolcd_raw_event function in\n devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the\n Linux kernel, as used in Android on Nexus 7 devices, allowed physically\n proximate attackers to cause a denial of service (system crash) or\n possibly execute arbitrary code via a crafted device that sends a large\n report.\n\n CVE-2014-7841: The sctp_process_param function in net/sctp/sm_make_chunk.c\n in the SCTP implementation in the Linux kernel, when ASCONF is used,\n allowed remote attackers to cause a denial of service (NULL pointer\n dereference and system crash) via a malformed INIT chunk.\n\n CVE-2014-4608: Multiple integer overflows in the lzo1x_decompress_safe\n function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the\n Linux kernel allowed context-dependent attackers to cause a denial\n of service (memory corruption) via a crafted Literal Run.\n\n CVE-2014-8709: The ieee80211_fragment function in net/mac80211/tx.c in the\n Linux kernel did not properly maintain a certain tail pointer, which\n allowed remote attackers to obtain sensitive cleartext information by\n reading packets.\n\n CVE-2014-3185: Multiple buffer overflows in the command_port_read_callback\n function in drivers/usb/serial/whiteheat.c in the Whiteheat USB Serial\n Driver in the Linux kernel allowed physically proximate attackers to\n execute arbitrary code or cause a denial of service (memory corruption and\n system crash) via a crafted device that provides a large amount of (1)\n EHCI or (2) XHCI data associated with a bulk response.\n\n CVE-2014-3184: The report_fixup functions in the HID subsystem in the\n Linux kernel might have allowed physically proximate attackers to cause a\n denial of service (out-of-bounds write) via a crafted device that provides\n a small report descriptor, related to (1) drivers/hid/hid-cherry.c, (2)\n drivers/hid/hid-kye.c, (3) drivers/hid/hid-lg.c, (4)\n drivers/hid/hid-monterey.c, (5) drivers/hid/hid-petalynx.c, and (6)\n drivers/hid/hid-sunplus.c.\n\n CVE-2014-3182: Array index error in the logi_dj_raw_event function in\n drivers/hid/hid-logitech-dj.c in the Linux kernel allowed physically\n proximate attackers to execute arbitrary code or cause a denial of service\n (invalid kfree) via a crafted device that provides a malformed\n REPORT_TYPE_NOTIF_DEVICE_UNPAIRED value.\n\n CVE-2014-3181: Multiple stack-based buffer overflows in the\n magicmouse_raw_event function in drivers/hid/hid-magicmouse.c in the Magic\n Mouse HID driver in the Linux kernel allowed physically proximate\n attackers to cause a denial of service (system crash) or possibly execute\n arbitrary code via a crafted device that provides a large amount of (1)\n EHCI or (2) XHCI data associated with an event.\n\n CVE-2014-7826: kernel/trace/trace_syscalls.c in the Linux kernel did not\n properly handle private syscall numbers during use of the ftrace\n subsystem, which allowed local users to gain privileges or cause a denial\n of service (invalid pointer dereference) via a crafted application.\n\n CVE-2013-7263: The Linux kernel updated certain length values before\n ensuring that associated data structures have been initialized, which\n allowed local users to obtain sensitive information from kernel stack\n memory via a (1) recvfrom, (2) recvmmsg, or (3) recvmsg system call,\n related to net/ipv4/ping.c, net/ipv4/raw.c, net/ipv4/udp.c,\n net/ipv6/raw.c, and net/ipv6/udp.c. This update fixes the leak of the port\n number when using ipv6 sockets. (bsc#853040).\n\n CVE-2014-6410: The __udf_read_inode function in fs/udf/inode.c in the\n Linux kernel did not restrict the amount of ICB indirection, which allowed\n physically proximate attackers to cause a denial of service (infinite loop\n or stack consumption) via a UDF filesystem with a crafted inode.\n\n CVE-2014-5471: Stack consumption vulnerability in the\n parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux\n kernel allowed local users to cause a denial of service (uncontrolled\n recursion, and system crash or reboot) via a crafted iso9660 image with a\n CL entry referring to a directory entry that has a CL entry.\n\n CVE-2014-5472: The parse_rock_ridge_inode_internal function in\n fs/isofs/rock.c in the Linux kernel allowed local users to cause a denial\n of service (unkillable mount process) via a crafted iso9660 image with a\n self-referential CL entry.\n\n CVE-2014-4508: arch/x86/kernel/entry_32.S in the Linux kernel on 32-bit\n x86 platforms, when syscall auditing is enabled and the sep CPU feature\n flag is set, allowed local users to cause a denial of service (OOPS and\n system crash) via an invalid syscall number, as demonstrated by number\n 1000.\n\n CVE-2014-4943: The PPPoL2TP feature in net/l2tp/l2tp_ppp.c in the Linux\n kernel allowed local users to gain privileges by leveraging data-structure\n differences between an l2tp socket and an inet socket.\n\n CVE-2014-5077: The sctp_assoc_update function in net/sctp/associola.c in\n the Linux kernel, when SCTP authentication is enabled, allowed remote\n attackers to cause a denial of service (NULL pointer dereference and OOPS)\n by starting to establish an association between two endpoints immediately\n after an exchange of INIT and INIT ACK chunks to establish an earlier\n association between these endpoints in the opposite direction.\n\n CVE-2014-4171: mm/shmem.c in the Linux kernel did not properly implement\n the interaction between range notification and hole punching, which\n allowed local users to cause a denial of service (i_mutex hold) by using\n the mmap system call to access a hole, as demonstrated by interfering with\n intended shmem activity by blocking completion of (1) an MADV_REMOVE\n madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call.\n\n\n\n CVE-2013-2888, CVE-2013-2889, CVE-2013-2890, CVE-2013-2891, CVE-2013-2892,\n CVE-2013-2893, CVE-2013-2894, CVE-2013-2895, CVE-2013-2896, CVE-2013-2897,\n CVE-2013-2898, CVE-2013-2899: Multiple issues in the Human Interface\n Device (HID) subsystem in the Linux kernel allowed physically proximate\n attackers to cause a denial of service\n or system crash via (heap-based out-of-bounds write) via a crafted device.\n (Not seperately listed.)\n\n Other bugfixes:\n - xfs: mark all internal workqueues as freezable (bnc#899785).\n\n - target/rd: Refactor rd_build_device_space + rd_release_device_space\n (bnc#882639)\n\n - Enable CONFIG_ATH9K_HTC for armv7hl/omap2plus config (bnc#890624)\n\n - swiotlb: don't assume PA 0 is invalid (bnc#865882).\n\n - drm/i915: Apply alignment restrictions on scanout surfaces for VT-d\n (bnc#818561).\n\n - tg3: Change nvram command timeout value to 50ms (bnc#768714).\n - tg3: Override clock, link aware and link idle mode during NVRAM dump\n (bnc#768714).\n - tg3: Set the MAC clock to the fastest speed during boot code load\n (bnc#768714).\n\n", "published": "2014-12-19T19:04:46", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00019.html", "cvelist": ["CVE-2014-5077", "CVE-2013-2894", "CVE-2014-3182", "CVE-2013-2896", "CVE-2013-2898", "CVE-2014-3186", "CVE-2014-9090", "CVE-2014-7841", "CVE-2013-2891", "CVE-2013-2892", "CVE-2014-4508", "CVE-2014-4943", "CVE-2014-9322", "CVE-2014-3181", "CVE-2014-8709", "CVE-2014-4171", "CVE-2014-5472", "CVE-2014-3185", "CVE-2013-2897", "CVE-2013-2890", "CVE-2014-8884", "CVE-2013-2899", "CVE-2014-4608", "CVE-2013-7263", "CVE-2014-6410", "CVE-2014-5471", "CVE-2014-8133", "CVE-2013-2895", "CVE-2014-7826", "CVE-2013-2888", "CVE-2013-2889", "CVE-2013-2893", "CVE-2014-3184"], "lastseen": "2016-09-04T11:41:56"}, {"id": "OPENSUSE-SU-2015:0566-1", "type": "suse", "title": "kernel update for Evergreen 11.4, includes leap second deadlock fix (important)", "description": "kernel update for Evergreen 11.4, includes leap second deadlock fix and\n fixes for other security and stability issues\n\n", "published": "2015-03-21T15:04:43", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00025.html", "cvelist": ["CVE-2014-3646", "CVE-2014-8369", "CVE-2014-0131", "CVE-2014-8134", "CVE-2014-3186", "CVE-2014-3673", "CVE-2014-9090", "CVE-2014-3688", "CVE-2013-2929", "CVE-2014-7841", "CVE-2014-4508", "CVE-2014-3647", "CVE-2014-3610", "CVE-2014-4943", "CVE-2014-9322", "CVE-2014-3181", "CVE-2014-8709", "CVE-2014-5472", "CVE-2014-3185", "CVE-2013-2897", "CVE-2014-8559", "CVE-2014-3601", "CVE-2014-2309", "CVE-2013-2899", "CVE-2014-4608", "CVE-2014-9584", "CVE-2013-7263", "CVE-2014-0181", "CVE-2014-3690", "CVE-2012-4398", "CVE-2014-5471", "CVE-2014-8133", "CVE-2014-7842", "CVE-2014-7826", "CVE-2014-9585", "CVE-2013-2893", "CVE-2014-3184", "CVE-2014-3687"], "lastseen": "2016-09-04T11:56:36"}]}}
