{"id":"MGASA-2015-0386","summary":"Updated kernel packages provides 4.1 longterm and fixes security issues","details":"This kernel update provides an upgrade to the upstream 4.1 longterm kernel\nseries, currently based on 4.1.8 and resolves at least the following\nsecurity issues:\n\nIt was found that the Linux kernel's keyring implementation would leak\nmemory when adding a key to a keyring via the add_key() function. A\nlocal attacker could use this flaw to exhaust all available memory on\nthe system. (CVE-2015-1333)\n\nA flaw was found in the Linux kernel where the deletion of a file or\ndirectory could trigger an unmount and reveal data under a mount point.\nThis flaw was inadvertently introduced with the new feature of being able\nto lazily unmount a mount tree when using file system user namespaces.\n(CVE-2015-4176)\n\nA flaw was discovered in the kernel's collect_mounts function. If the kernel\naudit subsystem called collect_mounts to audit an unmounted path, it could\npanic the system. With this flaw, an unprivileged user could call umount\n(MNT_DETACH) to launch a denial-of-service attack. (CVE-2015-4177)\n\nA flaw was found in the Linux kernel which is related to the user namespace\nlazily unmounting file systems. The fs_pin struct has two members (m_list\nand s_list) which are usually initialized on use in the pin_insert_group\nfunction. However, these members might go unmodified; in this case, the\nsystem panics when it attempts to destroy or free them. This flaw could be\nused to launch a denial-of-service attack. (CVE-2015-4178)\n\nA DoS flaw was found for a Linux kernel built for the x86 architecture which\nhad the KVM virtualization support(CONFIG_KVM) enabled. The kernel would be\nvulnerable to a NULL pointer dereference flaw in Linux kernel's\nkvm_apic_has_events() function while doing an ioctl. An unprivileged user\nable to access the \"/dev/kvm\" device could use this flaw to crash the system\nkernel. (CVE-2015-4692)\n\nA flaw was found in the kernel's implementation of the Berkeley Packet\nFilter (BPF). A local attacker could craft BPF code to crash the system\nby creating a situation in which the JIT compiler would fail to correctly\noptimize the JIT image on the last pass. This would lead to the CPU\nexecuting instructions that were not part of the JIT code. (CVE-2015-4700)\n\nThe get_bitmap_file function in drivers/md/md.c in the Linux kernel before\n4.1.6 does not initialize a certain bitmap data structure, which allows\nlocal users to obtain sensitive information from kernel memory via a\nGET_BITMAP_FILE ioctl call. (CVE-2015-5697)\n\nUse-after-free vulnerability in the path_openat function in fs/namei.c in\nthe Linux kernel 3.x and 4.x before 4.0.4 allows local users to cause a\ndenial of service or possibly have unspecified other impact via O_TMPFILE\nfilesystem operations that leverage a duplicate cleanup operation.\n(CVE-2015-5706)\n\nIt was discovered that an integer overflow error existed in the SCSIgeneric\n(sg) driver in the Linux kernel. A local attacker with writepermission to a\nSCSI generic device could use this to cause a denial of service (system\ncrash) or potentially escalate their privileges. (CVE-2015-5707)\n\nAdditionally the following packages have been updated to add or improve \nsupport for the 4.1 series kernels: btrfs-progs, iproute2, xtables-addons,\nnvidia304, nvidia340, kernel-firmware-nonfree, radeon-firmware.\n\nFor other changes, see the referenced changelogs:\n","modified":"2026-02-04T03:45:28.834341Z","published":"2015-09-30T21:35:18Z","related":["CVE-2015-1333","CVE-2015-4176","CVE-2015-4177","CVE-2015-4178","CVE-2015-4692","CVE-2015-4700","CVE-2015-5697","CVE-2015-5706","CVE-2015-5707","CVE-2015-7312"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0386.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=16655"},{"type":"REPORT","url":"http://kernelnewbies.org/Linux_4.0"},{"type":"REPORT","url":"http://kernelnewbies.org/Linux_4.1"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.1"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.2"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.3"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.4"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.5"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.6"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.7"},{"type":"REPORT","url":"https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.1.8"}],"affected":[{"package":{"name":"kernel","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kernel?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.8-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"kernel-userspace-headers","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kernel-userspace-headers?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.8-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"kernel-firmware","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kernel-firmware?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20150722-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"btrfs-progs","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/btrfs-progs?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.2-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"iproute2","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/iproute2?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1.1-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"xtables-addons","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/xtables-addons?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"kmod-xtables-addons","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-xtables-addons?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.7-4.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"kernel-firmware-nonfree","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kernel-firmware-nonfree?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20150824-1.mga5.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"radeon-firmware","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/radeon-firmware?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20150824-1.mga5.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"kmod-broadcom-wl","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-broadcom-wl?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.30.223.248-36.mga5.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"kmod-fglrx","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-fglrx?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"15.200.1046-5.mga5.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"nvidia304","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/nvidia304?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"304.125-5.mga5.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"kmod-nvidia304","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-nvidia304?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"304.125-41.mga5.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"nvidia340","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/nvidia340?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"340.76-2.mga5.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"kmod-nvidia340","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-nvidia340?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"340.76-31.mga5.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}},{"package":{"name":"kmod-nvidia-current","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/kmod-nvidia-current?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"346.82-3.mga5.nonfree"}]}],"ecosystem_specific":{"section":"nonfree"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0386.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}