[security-announce] Kernel (linux-qoriq 3.12): Security Update

Sona Sarmadi sona.sarmadi at enea.com
Fri Dec 4 10:48:01 CET 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Enea Linux Security Advisory

=========================================================
Product/package: kernel (linux-qoriq - 3.12)
Severity: High
CVE Names: CVE-2014-8159
Layer: meta-enea
=========================================================

This security update fixes a unprotected physical memory access
in the Linux kernel's Infiniband subsystem .

Description
===========
It was found that the Linux kernel's Infiniband subsystem did not
properly sanitize input parameters while registering memory regions
from user space via the (u)verbs API. A local user with access to a
/dev/infiniband/uverbsX device could use this flaw to crash the
system or, potentially, escalate their privileges on the system.

References:
===========
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8159

Upstream/original fix:
======================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/pat
ch/?id=f6094cbab915952132434cc50d738c2976cb4457

Correction for Enea Linux
=========================
http://git.enea.com/cgit/linux/meta-enea.git/patch/?id=0db36d5a6f3cdeee6
b4fc1184241b96d772e9d46

How to get the latest patches
=============================
 - If you have already cloned meta-enea, update it to get new security
patches.

cd Enea-Linux-5.0/poky/meta-enea
git pull

 - If you have not yet cloned needed repositories, do it as described
below. (Security patches are fetched implicitly when cloning the repos).

mkdir Enea-Linux-5.0
git -C Enea-Linux-5.0 clone -b dizzy git://git.enea.com/linux/poky.git
POKY=Enea-Linux-5.0/poky
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-enea.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-hierofalcon.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/meta-linaro.git
git -C $POKY clone -b dizzy git://git.enea.com/linux/\
meta-openembedded.git
git -C $POKY clone -b dizzy
git://git.enea.com/linux/meta-virtualization.git
git -C $POKY/meta-enea clone -b dizzy
git://git.enea.com/linux/meta-enea/meta-vt.git


If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWYWFPAAoJEHc+9u9ocWoUwA0P/1l51BhdhktI9nIIMoX7JZ98
FHEOBeRKuYngY/11FMS8GYgEaFAOMG6yUEuzFEFdQtG9OqOCQMs/BEEz7Qv95P+k
Ip3wDZKknprDfMXDA763flaLkGGRH6+fezk52R9UD7x6XkfQQ++bXxXC3tSlWubp
p1EyIa9hwZcYMEjdtprpxHU1Z7GrqxSp1/EqDtsFdOzheU6uLzT4Nct9vfBGmmaC
0VoGkpgor+MPuHda76JPomRSs1T56XpCryGMScMZ1xwjJGymME3R143d5NP509BJ
OhdXUJ8750A2XJZkg2TLmZ7KtjSguCRzNXfHIZFi7P7E2Um0bS5rm0m46GLNPGI8
jA+QFvzjAxaVbud+oBgFR/EHT03bNiyQUDAbQYCs3I2YTmkRrL4ovbYWHZ0I6Su0
b1zN6B81GMKTioG2nAIi3ihQXg2G/Xmoy4Iv5RGuJFR8xgeCpfXzJmaIDNpFOMWN
CtuVkOEgFXnjh99Nnlg44MVGAMaag//vcxBgT8aMlsrk2njPemEZCC6yiFepQ5oZ
SKk25FE7NPFnLXUl9xkZRpVpxNyc88ZHZ5ITkMTNJof9tbkGAOVjbg1gC+sJBGhZ
Nt1w/VqRGPaxBSqjIgKLKRBS2wG/Izfv+90BKzg+VNDJQ03d/lJjkFjnEMdvZS6s
A1Jqq2grgsHDF+BIiNo4
=218u
-----END PGP SIGNATURE-----



More information about the security-announce mailing list