{
  "schema_version": "1.6.2",
  "id": "MGASA-2014-0456",
  "published": "2014-11-15T18:31:46Z",
  "modified": "2014-11-15T18:14:16Z",
  "summary": "Updated kernel-linus packages fix security vulnerabilities",
  "details": "This kernel-linus update is based on upstream -longterm 3.10.58 and\nfixes the following security issues:\n\nThe kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux\nkernel through 3.16.1 miscalculates the number of pages during the\nhandling of a mapping failure, which allows guest OS users to (1)\ncause a denial of service (host OS memory corruption) or possibly\nhave unspecified other impact by triggering a large gfn value or\n(2) cause a denial of service (host OS memory consumption) by\ntriggering a small gfn value that leads to permanently pinned\npages (CVE-2014-3601).\n\nThe assoc_array_gc function in the associative-array implementation\nin lib/assoc_array.c in the Linux kernel before 3.16.3 does not\nproperly implement garbage collection, which allows local users to\ncause a denial of service (NULL pointer dereference and system\ncrash) or possibly have unspecified other impact via multiple\n\"keyctl newring\" operations followed by a \"keyctl timeout\"\noperation (CVE-2014-3631).\n\nThe pivot_root implementation in fs/namespace.c in the Linux kernel\nthrough 3.17 does not properly interact with certain locations of\na chroot directory, which allows local users to cause a denial of\nservice (mount-tree loop) via . (dot) values in both arguments to\nthe pivot_root system call (CVE-2014-7970).\n\nThe do_umount function in fs/namespace.c in the Linux kernel \nthrough 3.17 does not require the CAP_SYS_ADMIN capability for\ndo_remount_sb calls that change the root filesystem to read-only,\nwhich allows local users to cause a denial of service (loss of\nwritability) by making certain unshare system calls, clearing the\n/ MNT_LOCKED flag, and making an MNT_FORCE umount system call\n(CVE-2014-7975).\n\nFor other fixes included in this update, read the referenced \nchangelogs.\n",
  "related": [
    "CVE-2014-3601",
    "CVE-2014-3631",
    "CVE-2014-7970",
    "CVE-2014-7975"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2014-0456.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=14307"
    },
    {
      "type": "REPORT",
      "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.52"
    },
    {
      "type": "REPORT",
      "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.53"
    },
    {
      "type": "REPORT",
      "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.54"
    },
    {
      "type": "REPORT",
      "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.55"
    },
    {
      "type": "REPORT",
      "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.56"
    },
    {
      "type": "REPORT",
      "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.57"
    },
    {
      "type": "REPORT",
      "url": "https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.58"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:3",
        "name": "kernel-linus",
        "purl": "pkg:rpm/mageia/kernel-linus?arch=source&distro=mageia-3"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.10.58-1.mga3"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}