CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service…

CVE-2014-9529 [MEDIUM] CVE-2014-9529: Android Security Bulletin 2016-09-01 CVE: CVE-2014-9529 Severity: CRITICAL References: A-29510361 Upstream kernel Android Security Bulletin 2016-09-01 CVE: CVE-2014-9529 Severity: CRITICAL References: A-29510361 Upstream kernel

[LOW] Linux kernel (Trusty HWE) vulnerabilities regression Title: Linux kernel (Trusty HWE) vulnerabilities regression Summary: USN-2515-1 introduced a regression in the Linux kernel. USN-2515-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementat

[LOW] Linux kernel vulnerabilities regression Title: Linux kernel vulnerabilities regression Summary: USN-2516-1 introduced a regression in the Linux kernel. USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in USN-2516-2 was incomplete. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread L

[LOW] Linux kernel vulnerability regression Title: Linux kernel vulnerability regression Summary: USN-2516-1 introduced a regression in the Linux kernel. USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing us

CVE-2014-8133 [LOW] Linux kernel (Trusty HWE) vulnerabilities Title: Linux kernel (Trusty HWE) vulnerabilities Summary: Several security issues were fixed in the kernel. A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014

CVE-2014-9529 [MEDIUM] Linux kernel (EC2) vulnerabilities Title: Linux kernel (EC2) vulnerabilities Summary: Several security issues were fixed in the kernel. A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529) A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584) Instructions: After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile a

CVE-2013-7421 [LOW] Linux kernel (OMAP4) vulnerabilities Title: Linux kernel (OMAP4) vulnerabilities Summary: Several security issues were fixed in the kernel. A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2013-7421) Andy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chro

CVE-2014-8133 [LOW] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the kernel. A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133) A res

CVE-2014-8133 [LOW] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the kernel. A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133) A res

CVE-2014-9529 [MEDIUM] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the kernel. A race condition was discovered in the Linux kernel's key ring. A local user could cause a denial of service (memory corruption or panic) or possibly have unspecified impact via the keyctl commands. (CVE-2014-9529) A memory leak was discovered in the ISO 9660 CDROM file system when parsing rock ridge ER records. A local user could exploit this flaw to obtain sensitive information from kernel memory via a crafted iso9660 image. (CVE-2014-9584) Instructions: After a standard system update you need to reboot your computer to make all the necessary changes. ATTENTION: Due to an unavoidable ABI change the kernel updates have been given a new version number, which requires you to recompile and rei

CVE-2014-8133 [LOW] Linux kernel (Utopic HWE) vulnerabilities Title: Linux kernel (Utopic HWE) vulnerabilities Summary: Several security issues were fixed in the kernel. A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014

CVE-2013-7421 [LOW] Linux kernel vulnerabilities Title: Linux kernel vulnerabilities Summary: Several security issues were fixed in the kernel. A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) A flaw was discovered in the automatic loading of modules in the crypto subsystem of the Linux kernel. A local user could exploit this flaw to load installed kernel modules, increasing the attack surface and potentially using this to gain administrative privileges. (CVE-2013-7421) Andy Lutomirski discovered a flaw in how the Linux kernel handles pivot_root when used with a chroot direc

CVE-2014-9529 [MEDIUM] CWE-416 kernel: use-after-free during key garbage collection kernel: use-after-free during key garbage collection Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash. Statement: This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5. This issue affects the Linux kernel packages as shipped with Red

CVE-2014-9529 [MEDIUM] CVE-2014-9529: linux - Race condition in the key_gc_unused_keys function in security/keys/gc.c in the L... Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key. Scope: local bookworm: resolved (fixed in 3.16.7-ckt4-1) bullseye: resolved (fixed in 3.16.7-ckt4-1) forky: resolved (fixed in 3.16.7-ckt4-1) sid: resolved (fixed in 3.16.7-ckt4-1) trixie: resolved (fixed in 3.16.7-ckt4-1)

CVE-2014-9529 [MEDIUM] CWE-362 GHSA-wc9w-8x8g-533g: Race condition in the key_gc_unused_keys function in security/keys/gc Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

[LOW] linux vulnerabilities linux vulnerabilities USN-2516-1 fixed vulnerabilities in the Linux kernel, and the fix in USN-2516-2 was incomplete. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information

[LOW] linux vulnerability linux vulnerability USN-2516-1 fixed vulnerabilities in the Linux kernel. There was an unrelated regression in the use of the virtual counter (CNTVCT) on arm64 architectures. This update fixes the problem. We apologize for the inconvenience. Original advisory details: A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Spa

CVE-2015-0239 [LOW] linux vulnerabilities linux vulnerabilities A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133) A restriction bypass was discovered in iptables when conntrack rules are specif

CVE-2015-0239 [LOW] linux-lts-utopic vulnerabilities linux-lts-utopic vulnerabilities A flaw was discovered in the Kernel Virtual Machine's (KVM) emulation of the SYSTENTER instruction when the guest OS does not initialize the SYSENTER MSRs. A guest OS user could exploit this flaw to cause a denial of service of the guest OS (crash) or potentially gain privileges on the guest OS. (CVE-2015-0239) Andy Lutomirski discovered an information leak in the Linux kernel's Thread Local Storage (TLS) implementation allowing users to bypass the espfix to obtain information that could be used to bypass the Address Space Layout Randomization (ASLR) protection mechanism. A local user could exploit this flaw to obtain potentially sensitive information from kernel memory. (CVE-2014-8133) A restriction bypass was discovered in iptables when conntrack rules

CVE-2014-9529 [MEDIUM] CVE-2014-9529: Race condition in the key_gc_unused_keys function in security/keys/gc Race condition in the key_gc_unused_keys function in security/keys/gc.c in the Linux kernel through 3.18.2 allows local users to cause a denial of service (memory corruption or panic) or possibly have unspecified other impact via keyctl commands that trigger access to a key structure member during garbage collection of a key.

CVE-2014-9529 [MEDIUM] Merge tag 'keys-fixes-20150107' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs Merge tag 'keys-fixes-20150107' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs Pull keyrings fixes from David Howells: "Two fixes: - Fix for the order in which things are done during key garbage collection to prevent named keyrings causing a crash [CVE-2014-9529]. - Fix assoc_array to explicitly #include rcupdate.h to prevent compilation errors under certain circumstances" * tag 'keys-fixes-20150107' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs: assoc_array: Include rcupdate.h for call_rcu() definition KEYS: close race between key lookup and freeing

CVE-2014-9529 [MEDIUM] KEYS: close race between key lookup and freeing KEYS: close race between key lookup and freeing When a key is being garbage collected, it's key->user would get put before the ->destroy() callback is called, where the key is removed from it's respective tracking structures. This leaves a key hanging in a semi-invalid state which leaves a window open for a different task to try an access key->user. An example is find_keyring_by_name() which would dereference key->user for a key that is in the process of being garbage collected (where key->user was freed but ->destroy() wasn't called yet - so it's still present in the linked list). This would cause either a panic, or corrupt memory. Fixes CVE-2014-9529. Signed-off-by: Sasha Levin Signed-off-by: David Howells

CVE-2014-9529 [MEDIUM] CVE-2014-9529 kernel: memory corruption or panic during key garbage collection [fedora-all] CVE-2014-9529 kernel: memory corruption or panic during key garbage collection [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected versions of Fedora. For comments that are specific to the vulnerability please use bugs filed against the "Security Response" product referenced in the "Blocks" field. For more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When submitting as an update, use the fedpkg template provided in the next comment(s). This will include the bug IDs of this tracking bug as well as the relevant top-level CVE bugs. Please also mention the CVE IDs being fixed in the RPM changelog and the fedpkg commit message. NOTE: this issue affects multiple supporte

CVE-2014-9529 [MEDIUM] CVE-2014-9529 kernel: use-after-free during key garbage collection CVE-2014-9529 kernel: use-after-free during key garbage collection It was reported [1] that the Linux kernel suffered from a flaw when doing key garbage collection. The patch [1] describes the issue as: """ When a key is being garbage collected, it's key->user would get put before the ->destroy() callback is called, where the key is removed from it's respective tracking structures. This leaves a key hanging in a semi-invalid state which leaves a window open for a different task to try an access key->user. An example is find_keyring_by_name() which would dereference key->user for a key that is in the process of being garbage collected (where key->user was freed but ->destroy() wasn't called yet - so it's still present in the linked list). """ An unprivileged local user could use this f