{"id":"MGASA-2014-0228","summary":"Updated kernel packages fix multiple vulnerabilities","details":"Updated kernel provides upstream 3.10.40 kernel and fixes the\nfollowing security issues:\n\nThe microcode on AMD 16h 00h through 0Fh processors does not properly\nhandle the interaction between locked instructions and write-combined\nmemory types, which allows local users to cause a denial of service\n(system hang) via a crafted application, aka the errata 793 issue. \n(CVE-2013-6885)\n\nBuffer overflow in the complete_emulated_mmio function in arch/x86/kvm/\nx86.c in the Linux kernel before 3.13.6 allows guest OS users to execute\narbitrary code on the host OS by leveraging a loop that triggers an\ninvalid memory copy affecting certain cancel_work_item data. \n(CVE-2014-0049)\n\nThe get_rx_bufs function in drivers/vhost/net.c in the vhost-net subsystem\nin the Linux kernel package before 2.6.32-431.11.2 on Red Hat Enterprise\nLinux (RHEL) 6 does not properly handle vhost_get_vq_desc errors, which\nallows guest OS users to cause a denial of service (host OS crash) via\nunspecified vectors. (CVE-2014-0055)\n\nThe cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through\n3.13.5 does not properly handle uncached write operations that copy fewer\nthan the requested number of bytes, which allows local users to obtain\nsensitive information from kernel memory, cause a denial of service\n(memory corruption and system crash), or possibly gain privileges via a\nwritev system call with a crafted pointer. (CVE-2014-0069)\n\ndrivers/vhost/net.c in the Linux kernel before 3.13.10, when mergeable\nbuffers are disabled, does not properly validate packet lengths, which\nallows guest OS users to cause a denial of service (memory corruption and\nhost OS crash) or possibly gain privileges on the host OS via crafted\npackets, related to the handle_rx and get_rx_bufs functions. \n(CVE-2014-0077)\n\nThe ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel\nthrough 3.14.1 does not properly validate the kvm_irq_delivery_to_apic\nreturn value, which allows guest OS users to cause a denial of service\n(host OS crash) via a crafted entry in the redirection table of an I/O\nAPIC. NOTE: the affected code was moved to the ioapic_service function\nbefore the vulnerability was announced. (CVE-2014-0155)\n\nThe n_tty_write function in drivers/tty/n_tty.c in the Linux kernel\nthrough 3.14.3 does not properly manage tty driver access in the\n\"LECHO & !OPOST\" case, which allows local users to cause a denial of\nservice (memory corruption and system crash) or gain privileges by\ntriggering a race condition involving read and write operations with\nlong strings. (CVE-2014-0196)\n\nThe raw_cmd_copyin function in drivers/block/floppy.c in the Linux\nkernel through 3.14.3 does not properly handle error conditions during\nprocessing of an FDRAWCMD ioctl call, which allows local users to trigger\nkfree operations and gain privileges by leveraging write access to a\n/dev/fd device.  (CVE-2014-1737)\n\nThe raw_cmd_copyout function in drivers/block/floppy.c in the Linux\nkernel through 3.14.3 does not properly restrict access to certain\npointers during processing of an FDRAWCMD ioctl call, which allows\nlocal users to obtain sensitive information from kernel heap memory\nby leveraging write access to a /dev/fd device. (CVE-2014-1738)\n\nInteger overflow in the ping_init_sock function in net/ipv4/ping.c in the\nLinux kernel through 3.14.1 allows local users to cause a denial of service\n(use-after-free and system crash) or possibly gain privileges via a crafted\napplication that leverages an improperly managed reference counter.\n(CVE-2014-2851)\n\nFor other fixes, see the referenced changelogs.\n","modified":"2026-04-16T06:25:28.707862350Z","published":"2014-05-19T18:37:48Z","upstream":["CVE-2013-6885","CVE-2014-0049","CVE-2014-0055","CVE-2014-0069","CVE-2014-0077","CVE-2014-0155","CVE-2014-0196","CVE-2014-1737","CVE-2014-1738","CVE-2014-2851"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0228.html"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.40"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.39"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.38"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.37"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.36"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.35"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.34"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.33"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.32"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.31"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.30"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.29"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13397"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.40-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0228.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.40-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0228.json"}},{"package":{"name":"kmod-vboxadditions","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kmod-vboxadditions?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.3.10-5.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0228.json"}},{"package":{"name":"kmod-virtualbox","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kmod-virtualbox?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.3.10-5.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0228.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.3-15.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0228.json"}},{"package":{"name":"kmod-broadcom-wl","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kmod-broadcom-wl?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.30.223.141-15.mga3.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0228.json"}},{"package":{"name":"kmod-fglrx","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kmod-fglrx?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"13.251-5.mga3.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0228.json"}},{"package":{"name":"kmod-nvidia173","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kmod-nvidia173?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"173.14.38-30.mga3.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0228.json"}},{"package":{"name":"kmod-nvidia304","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kmod-nvidia304?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"304.108-15.mga3.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0228.json"}},{"package":{"name":"kmod-nvidia-current","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kmod-nvidia-current?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"319.60-15.mga3.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0228.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}