{"id":"MGASA-2014-0453","summary":"Updated kernel packages fix security vulnerabilities","details":"This kernel update is based on upstream -longterm 3.14.23 and\nfixes the following security issues:\n\nThe kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux\nkernel through 3.16.1 miscalculates the number of pages during the\nhandling of a mapping failure, which allows guest OS users to (1)\ncause a denial of service (host OS memory corruption) or possibly\nhave unspecified other impact by triggering a large gfn value or\n(2) cause a denial of service (host OS memory consumption) by\ntriggering a small gfn value that leads to permanently pinned\npages (CVE-2014-3601).\n\nThe assoc_array_gc function in the associative-array implementation\nin lib/assoc_array.c in the Linux kernel before 3.16.3 does not\nproperly implement garbage collection, which allows local users to\ncause a denial of service (NULL pointer dereference and system\ncrash) or possibly have unspecified other impact via multiple\n\"keyctl newring\" operations followed by a \"keyctl timeout\"\noperation (CVE-2014-3631).\n\nThe pivot_root implementation in fs/namespace.c in the Linux kernel\nthrough 3.17 does not properly interact with certain locations of\na chroot directory, which allows local users to cause a denial of\nservice (mount-tree loop) via . (dot) values in both arguments to\nthe pivot_root system call (CVE-2014-7970).\n\nThe do_umount function in fs/namespace.c in the Linux kernel \nthrough 3.17 does not require the CAP_SYS_ADMIN capability for\ndo_remount_sb calls that change the root filesystem to read-only,\nwhich allows local users to cause a denial of service (loss of\nwritability) by making certain unshare system calls, clearing the\n/ MNT_LOCKED flag, and making an MNT_FORCE umount system call\n(CVE-2014-7975).\n\nOther fixes:\nThe X86_SYSFB config option has been disabled as it prevents\nproper KMS setup on some systems (mga#13098)\n\nThe cpupower default governor has been switched from ondemand to\nperformance as the intel_pstate driver (used on newer Intel cpus)\ndoes not support ondemand target.\n\nFor other fixes included in this update, read the referenced \nchangelogs.\n","modified":"2026-04-16T06:24:26.757469818Z","published":"2014-11-15T18:31:46Z","upstream":["CVE-2014-3601","CVE-2014-3631","CVE-2014-7970","CVE-2014-7975"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0453.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14301"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13098"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.19"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.20"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.21"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.22"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.23"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.14.23-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0453.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.14.23-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0453.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.5-6.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0453.json"}},{"package":{"name":"rpm-mageia-setup","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/rpm-mageia-setup?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.197-1.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0453.json"}},{"package":{"name":"kmod-broadcom-wl","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/kmod-broadcom-wl?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.30.223.141-41.mga4.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0453.json"}},{"package":{"name":"kmod-fglrx","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/kmod-fglrx?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"14.010.1006-11.mga4.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0453.json"}},{"package":{"name":"kmod-nvidia173","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/kmod-nvidia173?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"173.14.39-26.mga4.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0453.json"}},{"package":{"name":"kmod-nvidia-current","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/kmod-nvidia-current?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"331.79-11.mga4.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0453.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}