CloudLinux - CloudLinux Blog - KernelCare local privilege escalation patch for PCS/OpenVZ/CL6/CL5h/CentOS6/RHEL6 CVE-2014-9322

KernelCare local privilege escalation patch for PCS/OpenVZ/CL6/CL5h/CentOS6/RHEL6 CVE-2014-9322

This update includes a patch for the CVE-2014-9322 vulnerability. I am sorry about the unusual delay with this patch. This patch was the most complex patch we have seen so far. It was in assembler code, while most patches are in C, and it altered how interrupt handlers work. This is highly unusual; there have been no such security patches in the past 3 years. We had to add special handling to our patch generation software to accommodate it, and it took us a significant amount of time to get there. While we started more than 24 hours before any vendor released updated kernels (4 days ago), it is only now that we have a working patch. From now on we should be able to handle such patches with ease.

Systems with AUTO_UPDATE=True (the DEFAULT) in /etc/sysconfig/kcare/kcare.conf will update automatically, and no action is needed for them.

You can manually update the server by running:
# /usr/bin/kcarectl --update
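One way to tell, from a host's kcare.conf, whether the manual update above is still needed. This is an added shell example, not CloudLinux's own code: it assumes the file uses KEY=VALUE lines, treats a missing key (or missing file) as the default True stated above, and accepts only the literal True/False values, compared case-insensitively.

```shell
#!/bin/sh
# Added example (not KernelCare's code): read AUTO_UPDATE from kcare.conf
# and decide whether `kcarectl --update` must be run by hand.
# Assumptions: KEY=VALUE lines, '#' comments, optional quotes/whitespace,
# and a missing key or file meaning the default (True).

kcare_auto_update_enabled() {
    conf="${1:-/etc/sysconfig/kcare/kcare.conf}"
    # No readable config: the default applies, so auto-update is on.
    [ -r "$conf" ] || { echo true; return 0; }
    # Take the last uncommented AUTO_UPDATE line; drop quotes and spaces,
    # then lower-case so True/true/TRUE all compare equal.
    val=$(sed -n 's/^[[:space:]]*AUTO_UPDATE[[:space:]]*=[[:space:]]*//p' "$conf" \
          | tail -n 1 | tr -d "\"'[:space:]" | tr 'A-Z' 'a-z')
    case "$val" in
        ""|true) echo true ;;   # absent or explicitly True -> default behaviour
        *)       echo false ;;  # anything else is treated as disabled
    esac
}

# Reports the operator action as a single word: "auto" or "manual".
kcare_required_action() {
    if [ "$(kcare_auto_update_enabled "$1")" = true ]; then
        echo auto      # the patch arrives on its own
    else
        echo manual    # run: /usr/bin/kcarectl --update
    fi
}

# Convenience wrapper for real hosts: only invokes the updater when needed.
# Call this from an interactive shell or cron; it is not run automatically.
kcare_apply_if_needed() {
    if [ "$(kcare_required_action "$1")" = manual ]; then
        /usr/bin/kcarectl --update
    else
        echo "AUTO_UPDATE is enabled; KernelCare will apply the patch itself."
    fi
}
```

Run `kcare_apply_if_needed` as root on a host to act on the result; pass an alternative config path as its first argument when testing against a copy of the file.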

CVEs: CVE-2014-9322, CVE-2014-6410, CVE-2012-6657, CVE-2014-5471, CVE-2014-5472

Details:

  • CVE-2014-9322 x86: local privesc due to bad_iret and paranoid entry incompatibility
    A flaw was found in the way the kernel handled GS segment register base switching when recovering from a #SS (stack segment) fault on an erroneous return to user space. A local, unprivileged user could use this flaw to escalate their privileges on the system.
  • CVE-2012-6657 net: guard tcp_set_keepalive against crash
    It was found that the kernel's networking implementation did not correctly handle the setting of the keepalive socket option on raw sockets. A local user able to create a raw socket could use this flaw to crash the system.
  • CVE-2014-5471 isofs: unbound recursion when processing relocated directories
    It was found that the parse_rock_ridge_inode_internal() function of the kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system.
  • CVE-2014-5472 isofs: unbound recursion when processing relocated directories
    It was found that the parse_rock_ridge_inode_internal() function of the kernel's ISOFS implementation did not correctly check relocated directories when processing Rock Ridge child link (CL) tags. An attacker with physical access to the system could use a specially crafted ISO image to crash the system or, potentially, escalate their privileges on the system.
  • CVE-2014-6410 udf: Avoid infinite loop when processing indirect ICBs
    A stack overflow flaw caused by infinite recursion was found in the way the Linux kernel's Universal Disk Format (UDF) file system implementation processed indirect Information Control Blocks (ICBs). An attacker with physical access to the system could use a specially crafted UDF image to crash the system.