ID

VAR-201406-0230

CVE

CVE-2014-4027

TITLE

Linux kernel of drivers/target/target_core_rd.c Inside rd_build_device_space Vulnerabilities that capture important information in functions

DESCRIPTION

The rd_build_device_space function in drivers/target/target_core_rd.c in the Linux kernel before 3.14 does not properly initialize a certain data structure, which allows local users to obtain sensitive information from ramdisk_mcp memory by leveraging access to a SCSI initiator. Linux Kernel is prone to an information-disclosure vulnerability. An attacker can exploit this issue to obtain sensitive information; information obtained may aid in other attacks. Linux Kernel 2.6.38 through versions prior to 3.14 are affected. The NFSv4 implementation is one of the distributed file system protocols. The vulnerability is due to the fact that the program does not initialize the data structure correctly. ============================================================================ Ubuntu Security Notice USN-2336-1 September 02, 2014 linux-lts-trusty vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 12.04 LTS Summary: Several security issues were fixed in the kernel. Software Description: - linux-lts-trusty: Linux hardware enablement kernel from Trusty Details: A flaw was discovered in the Linux kernel virtual machine's (kvm) validation of interrupt requests (irq). A guest OS user could exploit this flaw to cause a denial of service (host OS crash). (CVE-2014-0155) Andy Lutomirski discovered a flaw in the authorization of netlink socket operations when a socket is passed to a process of more privilege. A local user could exploit this flaw to bypass access restrictions by having a privileged executable do something it was not intended to do. (CVE-2014-0181) An information leak was discovered in the Linux kernels aio_read_events_ring function. (CVE-2014-0206) A flaw was discovered in the Linux kernel's implementation of user namespaces with respect to inode permissions. A local user could exploit this flaw by creating a user namespace to gain administrative privileges. (CVE-2014-4014) An information leak was discovered in the rd_mcp backend of the iSCSI target subsystem in the Linux kernel. (CVE-2014-4027) Sasha Levin reported an issue with the Linux kernel's shared memory subsystem when used with range notifications and hole punching. A local user could exploit this flaw to cause a denial of service. (CVE-2014-4171) Toralf F=C3=B6rster reported an error in the Linux kernels syscall auditing on 32 bit x86 platforms. A local user could exploit this flaw to cause a denial of service (OOPS and system crash). (CVE-2014-4508) An information leak was discovered in the control implemenation of the Advanced Linux Sound Architecture (ALSA) subsystem in the Linux kernel. (CVE-2014-4652) A use-after-free flaw was discovered in the Advanced Linux Sound Architecture (ALSA) control implementation of the Linux kernel. A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-4653) A authorization bug was discovered with the snd_ctl_elem_add function of the Advanced Linux Sound Architecture (ALSA) in the Linux kernel. A local user could exploit his bug to cause a denial of service (remove kernel controls). (CVE-2014-4654) A flaw discovered in how the snd_ctl_elem function of the Advanced Linux Sound Architecture (ALSA) handled a reference count. A local user could exploit this flaw to cause a denial of service (integer overflow and limit bypass). (CVE-2014-4655) An integer overflow flaw was discovered in the control implementation of the Advanced Linux Sound Architecture (ALSA). A local user could exploit this flaw to cause a denial of service (system crash). (CVE-2014-4656) An integer underflow flaw was discovered in the Linux kernel's handling of the backlog value for certain SCTP packets. A remote attacker could exploit this flaw to cause a denial of service (socket outage) via a crafted SCTP packet. (CVE-2014-4667) Vasily Averin discover a reference count flaw during attempts to umount in conjunction with a symlink. A local user could exploit this flaw to cause a denial of service (memory consumption or use after free) or possibly have other unspecified impact. (CVE-2014-5045) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 12.04 LTS: linux-image-3.13.0-35-generic 3.13.0-35.62~precise1 linux-image-3.13.0-35-generic-lpae 3.13.0-35.62~precise1 After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and reinstall all third party kernel modules you might have installed. If you use linux-restricted-modules, you have to update that package as well to get modules which work with the new kernel version. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-server, linux-powerpc), a standard system upgrade will automatically perform this as well. References: http://www.ubuntu.com/usn/usn-2336-1 CVE-2014-0155, CVE-2014-0181, CVE-2014-0206, CVE-2014-4014, CVE-2014-4027, CVE-2014-4171, CVE-2014-4508, CVE-2014-4652, CVE-2014-4653, CVE-2014-4654, CVE-2014-4655, CVE-2014-4656, CVE-2014-4667, CVE-2014-5045 Package Information: https://launchpad.net/ubuntu/+source/linux-lts-trusty/3.13.0-35.62~precise1 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Security Advisory MDVSA-2014:155 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : kernel Date : August 7, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: Multiple vulnerabilities has been found and corrected in the Linux kernel: Multiple buffer overflows in drivers/staging/wlags49_h2/wl_priv.c in the Linux kernel before 3.12 allow local users to cause a denial of service or possibly have unspecified other impact by leveraging the CAP_NET_ADMIN capability and providing a long station-name string, related to the (1) wvlan_uil_put_info and (2) wvlan_set_station_nickname functions (CVE-2013-4514). The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls (CVE-2014-4699). The updated packages provides a solution for these security issues. _______________________________________________________________________ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4514 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0131 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4027 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4608 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4652 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4653 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4654 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4655 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4656 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4667 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4699 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4943 _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: c2f39cb08d096b60bc8bbd2ae8f11e19 mbs1/x86_64/cpupower-3.4.100-1.1.mbs1.x86_64.rpm 3db9df4dbdd04f72ef30734bbb001322 mbs1/x86_64/kernel-firmware-3.4.100-1.1.mbs1.noarch.rpm c4abbe488cd50058ee544f6c39c8ea95 mbs1/x86_64/kernel-headers-3.4.100-1.1.mbs1.x86_64.rpm aee7594e36d538798a7d0ac4f0ba4c47 mbs1/x86_64/kernel-server-3.4.100-1.1.mbs1.x86_64.rpm a2cfe35a3117b2cfe3de75589612b540 mbs1/x86_64/kernel-server-devel-3.4.100-1.1.mbs1.x86_64.rpm 75fffbe82cefb6e8cfdc502c8dfdbd9a mbs1/x86_64/lib64cpupower0-3.4.100-1.1.mbs1.x86_64.rpm fe94d08a35090e84cec11a1d03cd38d8 mbs1/x86_64/lib64cpupower-devel-3.4.100-1.1.mbs1.x86_64.rpm 0a9dab31e19cf4740e0f10dd58ae031c mbs1/x86_64/perf-3.4.100-1.1.mbs1.x86_64.rpm f34e4ceff2962eb6e7177043e4b0fd2f mbs1/SRPMS/cpupower-3.4.100-1.1.mbs1.src.rpm 9ee8ebf3071324459be1970d8dc3c3e0 mbs1/SRPMS/kernel-firmware-3.4.100-1.1.mbs1.src.rpm faefe75b8ba9efdc50f8028700991a7c mbs1/SRPMS/kernel-headers-3.4.100-1.1.mbs1.src.rpm 845229627d2cb959547db1cbfe81753f mbs1/SRPMS/kernel-server-3.4.100-1.1.mbs1.src.rpm 30b1055810489c6b4e89623c7768e182 mbs1/SRPMS/perf-3.4.100-1.1.mbs1.src.rpm _______________________________________________________________________ To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. All packages are signed by Mandriva for security. You can obtain the GPG public key of the Mandriva Security Team by executing: gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98 You can view other update advisories for Mandriva Linux at: http://www.mandriva.com/en/support/security/advisories/ If you want to report vulnerabilities, please contact security_(at)_mandriva.com _______________________________________________________________________ Type Bits/KeyID Date User ID pub 1024D/22458A98 2000-07-10 Mandriva Security Team <security*mandriva.com> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iD8DBQFT4yfXmqjQ0CJFipgRAuk5AKDbuUKogDrhb4iKIs1yOP4IQdpAcwCgodf8 OMQTfJFCDxSAMSI8iUevOkc= =mxBf -----END PGP SIGNATURE----- . (CVE-2014-4943) Michael S

AFFECTED PRODUCTS

CVSS

PROBLEMTYPE DATA

THREAT TYPE

specific network environment

TYPE

permissions and access control

CONFIGURATIONS

PATCH

EXTERNAL IDS

REFERENCES

CREDITS

Ubuntu

SOURCES

LAST UPDATE DATE

2025-01-10T21:58:47.370000+00:00

SOURCES UPDATE DATE

SOURCES RELEASE DATE