{"id":"MGASA-2014-0456","summary":"Updated kernel-linus packages fix security vulnerabilities","details":"This kernel-linus update is based on upstream -longterm 3.10.58 and\nfixes the following security issues:\n\nThe kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux\nkernel through 3.16.1 miscalculates the number of pages during the\nhandling of a mapping failure, which allows guest OS users to (1)\ncause a denial of service (host OS memory corruption) or possibly\nhave unspecified other impact by triggering a large gfn value or\n(2) cause a denial of service (host OS memory consumption) by\ntriggering a small gfn value that leads to permanently pinned\npages (CVE-2014-3601).\n\nThe assoc_array_gc function in the associative-array implementation\nin lib/assoc_array.c in the Linux kernel before 3.16.3 does not\nproperly implement garbage collection, which allows local users to\ncause a denial of service (NULL pointer dereference and system\ncrash) or possibly have unspecified other impact via multiple\n\"keyctl newring\" operations followed by a \"keyctl timeout\"\noperation (CVE-2014-3631).\n\nThe pivot_root implementation in fs/namespace.c in the Linux kernel\nthrough 3.17 does not properly interact with certain locations of\na chroot directory, which allows local users to cause a denial of\nservice (mount-tree loop) via . (dot) values in both arguments to\nthe pivot_root system call (CVE-2014-7970).\n\nThe do_umount function in fs/namespace.c in the Linux kernel \nthrough 3.17 does not require the CAP_SYS_ADMIN capability for\ndo_remount_sb calls that change the root filesystem to read-only,\nwhich allows local users to cause a denial of service (loss of\nwritability) by making certain unshare system calls, clearing the\n/ MNT_LOCKED flag, and making an MNT_FORCE umount system call\n(CVE-2014-7975).\n\nFor other fixes included in this update, read the referenced \nchangelogs.\n","modified":"2026-04-16T06:23:09.899215276Z","published":"2014-11-15T18:31:46Z","upstream":["CVE-2014-3601","CVE-2014-3631","CVE-2014-7970","CVE-2014-7975"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0456.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14307"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.52"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.53"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.54"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.55"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.56"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.57"},{"type":"WEB","url":"https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.58"}],"affected":[{"package":{"name":"kernel-linus","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.10.58-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0456.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}