Package name
kernel
Date
2014-02-17
Advisory ID
MDVSA-2014:038
Affected versions
MBS1 x86_64

Problem description

Multiple vulnerabilities has been found and corrected in the Linux
kernel:

The compat_sys_recvmmsg function in net/compat.c in the Linux kernel
before 3.13.2, when CONFIG_X86_X32 is enabled, allows local users
to gain privileges via a recvmmsg system call with a crafted timeout
pointer parameter (CVE-2014-0038).

The restore_fpu_checking function in
arch/x86/include/asm/fpu-internal.h in the Linux kernel before 3.12.8
on the AMD K7 and K8 platforms does not clear pending exceptions
before proceeding to an EMMS instruction, which allows local users
to cause a denial of service (task kill) or possibly gain privileges
via a crafted application (CVE-2014-1438).

The yam_ioctl function in drivers/net/hamradio/yam.c in the Linux
kernel before 3.12.8 does not initialize a certain structure member,
which allows local users to obtain sensitive information from kernel
memory by leveraging the CAP_NET_ADMIN capability for an SIOCYAMGCFG
ioctl call (CVE-2014-1446).

The updated packages provides a solution for these security issues.

Updated packages

MBS1 x86_64

 d1faf9544075ff4790e29edd6e7061f6  mbs1/x86_64/cpupower-3.4.80-1.1.mbs1.x86_64.rpm
 3498721d639bf646ed55e2903ce728e4  mbs1/x86_64/kernel-firmware-3.4.80-1.1.mbs1.noarch.rpm
 f9927f4b1512a26d874a82a99636fb09  mbs1/x86_64/kernel-firmware-3.4.80-1.1.mbs1.src.rpm
 e874467839b96e04bebd0c5b24f31fc3  mbs1/x86_64/kernel-headers-3.4.80-1.1.mbs1.src.rpm
 208f74225f3d18189a871ac308c8df5b  mbs1/x86_64/kernel-headers-3.4.80-1.1.mbs1.x86_64.rpm
 e1f82c2b50db46cdb4db2daa933f7173  mbs1/x86_64/kernel-server-3.4.80-1.1.mbs1.x86_64.rpm
 ed0d8eed6c61553e73121117bcfc978f  mbs1/x86_64/kernel-server-devel-3.4.80-1.1.mbs1.x86_64.rpm
 00ca38d2289182149e8f43c6871711e8  mbs1/x86_64/kernel-source-3.4.80-1.mbs1.noarch.rpm
 429b6e48ee63a03a83577a710bc5368d  mbs1/x86_64/lib64cpupower0-3.4.80-1.1.mbs1.x86_64.rpm
 a6e3898905be2a8d7ded39a5312f7670  mbs1/x86_64/lib64cpupower-devel-3.4.80-1.1.mbs1.x86_64.rpm
 086bc3e49adec4147aa1138ae5d5245c  mbs1/x86_64/perf-3.4.80-1.1.mbs1.x86_64.rpm 
 f5a65feb515d65f9f1f526f6294af2c3  mbs1/SRPMS/cpupower-3.4.80-1.1.mbs1.src.rpm
 56fafb86f60233b29fcd8d42d35e4678  mbs1/SRPMS/kernel-server-3.4.80-1.1.mbs1.src.rpm
 715647161acd9ec082c0a2fef0f35fc3  mbs1/SRPMS/kernel-source-3.4.80-1.mbs1.src.rpm
 cc72e360fa32823a575d1c9536fdecc3  mbs1/SRPMS/perf-3.4.80-1.1.mbs1.src.rpm

References