MGASA-2014-0330

Source
https://advisories.mageia.org/MGASA-2014-0330.html
Import Source
https://advisories.mageia.org/MGASA-2014-0330.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2014-0330
Published
2014-08-18T09:14:56Z
Modified
2014-08-18T08:56:39Z
Summary
Updated kernel-linus package fixes security vulnerabilities
Details

Updated kernel-linus provides upstream 3.10.51 kernel and fixes the following security issues:

Array index error in the aio_read_events_ring function in fs/aio.c in the Linux kernel through 3.15.1 allows local users to obtain sensitive information from kernel memory via a large head value (CVE-2014-0206).

The Netlink implementation in the Linux kernel through 3.14.1 does not provide a mechanism for authorizing socket operations based on the opener of a socket, which allows local users to bypass intended access restrictions and modify network configurations by using a Netlink socket for the (1) stdout or (2) stderr of a setuid program. (CVE-2014-0181)

media-device: fix infoleak in ioctl media_enum_entities() (CVE-2014-1739)

The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification. (CVE-2014-3153)

kernel/auditsc.c in the Linux kernel through 3.14.5, when AUDITSYSCALL is enabled with certain syscall rules, allows local users to obtain potentially sensitive single-bit values from kernel memory or cause a denial of service (OOPS) via a large value of a syscall number. (CVE-2014-3917)

Andy Lutomirski has reported a vulnerability in Linux Kernel, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to an error related to checking Inode capabilities, which can be exploited to conduct certain actions with escalated privileges. Successful exploitation requires a kernel built with user namespaces (USER_NS) enabled. (CVE-2014-4014)

mm/shmem.c in the Linux kernel through 3.15.1 does not properly implement the interaction between range notification and hole punching, which allows local users to cause a denial of service (i_mutex hold) by using the mmap system call to access a hole, as demonstrated by interfering with intended shmem activity by blocking completion of (1) an MADV_REMOVE madvise call or (2) an FALLOC_FL_PUNCH_HOLE fallocate call (CVE-2014-4171).

arch/x86/kernel/entry_32.S in the Linux kernel through 3.15.1 on 32-bit x86 platforms, when syscall auditing is enabled and the sep CPU feature flag is set, allows local users to cause a denial of service (OOPS and system crash) via an invalid syscall number, as demonstrated by number 1000 (CVE-2014-4508).

For other fixes, see the referenced changelogs.


Affected packages

Mageia:3 / kernel-linus

Package

Name
kernel-linus
Purl
pkg:rpm/mageia/kernel-linus?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.10.51-1.mga3

Ecosystem specific

{
    "section": "core"
}