[security-announce] Kernel: Security update

Sona Sarmadi sona.sarmadi at enea.com
Fri May 15 13:33:43 CEST 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

		Enea Linux Security Advisory	

=========================================================
Product/package: kernel (FSL kernel: 3.8.11)
Severity: Important
CVE Names: CVE-2014-8159
Layer: meta-enea
=========================================================

This security update fixes an unprotected physical memory
access in the Linux kernel's InfiniBand/RDMA subsystem.

Signed/SHA512 patch/README files
================================
0072-IB-uverbs-CVE-2014-8159.REAME.asc
0072-IB-uverbs-CVE-2014-8159.patch.asc
0072-IB-uverbs-CVE-2014-8159.patch.sha

Description
===========
It was found that the Linux kernel's InfiniBand/RDMA subsystem
did not properly sanitize input parameters while registering memory
regions from user space via the (u)verbs API. A local user with
access to a /dev/infiniband/uverbsX device could use this flaw
to crash the system or, potentially, escalate their privileges
on the system.

References
==========
http://www.securitytracker.com/id/1032224
http://www.openwall.com/lists/oss-security/2015/03/18/15

How to apply the patches
=======================
- - Preparation
Make sure that you have an installation of Enea Linux and have
applied the existing FSL kernel patches in the right order.

wget https://linux.enea.com/4.0/Enea-Linux-4.0.tar.gz
tar zxf Enea-Linux-4.0.tar.gz
cd Enea-Linux-4.0/poky/
<Fetch and apply the existing patches >

- - Fetch and apply the new patch
cd Enea-Linux-4.0/poky/meta-enea
wget https://linux.enea.com/4.0/patches/0072-IB-uverbs-CVE-2014-8159.patch.asc
patch -p1 < ./0072-IB-uverbs-CVE-2014-8159.patch.asc

If you have any questions regarding the security patches and security
updates please contact security at enea.com.

Enea Security Team
Sona Sarmadi
Mobile: +46 70 971 4475
www.enea.com

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2
-----END PGP SIGNATURE-----
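
Added example, not part of the Enea advisory: one way to check the listed .sha and .asc files before running the "Fetch and apply the new patch" step, so that only the signed patch text is applied. It assumes the .patch.sha file holds the SHA-512 hex digest of the .patch.asc file and that the signer's public key is already in the local gpg keyring; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the advisory's patch before applying it.
# Assumptions: the .patch.sha file contains the SHA-512 hex digest of the
# .patch.asc file, and the signer's public key is already in the gpg keyring.

# verify_sha512 FILE SHAFILE: succeed only if FILE's SHA-512 matches the
# first 128-hex-digit token found in SHAFILE.
verify_sha512() {
    file=$1 shafile=$2
    want=$(tr 'A-F' 'a-f' < "$shafile" | grep -Eo '[0-9a-f]{128}' | head -n 1)
    [ -n "$want" ] || { echo "no SHA-512 digest in $shafile" >&2; return 2; }
    have=$(sha512sum "$file" | cut -d ' ' -f 1)
    [ "$want" = "$have" ] || { echo "SHA-512 mismatch for $file" >&2; return 1; }
}

# verify_and_apply ASC SHAFILE: check digest and signature, extract only the
# signed text, dry-run it, then apply. Run from poky/meta-enea.
verify_and_apply() {
    asc=$1 shafile=$2
    out=${asc%.asc}
    verify_sha512 "$asc" "$shafile" || return 1
    # --decrypt on a clear-signed file verifies the signature and writes only
    # the signed content; it exits non-zero on a bad or missing signature.
    gpg --batch --yes --output "$out" --decrypt "$asc" || return 1
    # Refuse to touch the tree unless every hunk applies cleanly.
    patch -p1 --dry-run < "$out" || return 1
    patch -p1 < "$out"
}

# Usage (file names as listed in the advisory):
#   verify_and_apply 0072-IB-uverbs-CVE-2014-8159.patch.asc \
#                    0072-IB-uverbs-CVE-2014-8159.patch.sha
```

gpg reports success for a good signature from any key in the keyring, so compare the key fingerprint it prints with one obtained from Enea out of band.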


