Bug 13395 - Update request: kernel-rt-3.12.20-0.rt30.1.mga4
Summary: Update request: kernel-rt-3.12.20-0.rt30.1.mga4
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 4
Hardware: All Linux
Priority: Normal critical
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: has_procedure advisory mga4-32-ok mga...
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2014-05-17 01:42 CEST by Thomas Backlund
Modified: 2014-05-19 21:03 CEST

See Also:
Source RPM: kernel-rt-3.12.20-0.rt30.1.mga4.src.rpm
CVE:
Status comment:


Description Thomas Backlund 2014-05-17 01:42:10 CEST
SRPM:
kernel-rt-3.12.20-0.rt30.1.mga4.src.rpm


i586:
kernel-rt-3.12.20-0.rt30.1.mga4-1-1.mga4.i586.rpm
kernel-rt-devel-3.12.20-0.rt30.1.mga4-1-1.mga4.i586.rpm
kernel-rt-devel-latest-3.12.20-0.rt30.1.mga4.i586.rpm
kernel-rt-doc-3.12.20-0.rt30.1.mga4.noarch.rpm
kernel-rt-latest-3.12.20-0.rt30.1.mga4.i586.rpm
kernel-rt-source-3.12.20-0.rt30.1.mga4-1-1.mga4.noarch.rpm
kernel-rt-source-latest-3.12.20-0.rt30.1.mga4.noarch.rpm


x86_64:
kernel-rt-3.12.20-0.rt30.1.mga4-1-1.mga4.x86_64.rpm
kernel-rt-devel-3.12.20-0.rt30.1.mga4-1-1.mga4.x86_64.rpm
kernel-rt-devel-latest-3.12.20-0.rt30.1.mga4.x86_64.rpm
kernel-rt-doc-3.12.20-0.rt30.1.mga4.noarch.rpm
kernel-rt-latest-3.12.20-0.rt30.1.mga4.x86_64.rpm
kernel-rt-source-3.12.20-0.rt30.1.mga4-1-1.mga4.noarch.rpm
kernel-rt-source-latest-3.12.20-0.rt30.1.mga4.noarch.rpm


Advisory:
Updated kernel-rt provides upstream 3.12.20 kernel and fixes the
following security issues:

The ioapic_deliver function in virt/kvm/ioapic.c in the Linux kernel
through 3.14.1 does not properly validate the kvm_irq_delivery_to_apic
return value, which allows guest OS users to cause a denial of service
(host OS crash) via a crafted entry in the redirection table of an I/O
APIC. NOTE: the affected code was moved to the ioapic_service function
before the vulnerability was announced. (CVE-2014-0155)

The n_tty_write function in drivers/tty/n_tty.c in the Linux kernel
through 3.14.3 does not properly manage tty driver access in the
"LECHO & !OPOST" case, which allows local users to cause a denial of
service (memory corruption and system crash) or gain privileges by
triggering a race condition involving read and write operations with
long strings. (CVE-2014-0196)

The raw_cmd_copyin function in drivers/block/floppy.c in the Linux
kernel through 3.14.3 does not properly handle error conditions during
processing of an FDRAWCMD ioctl call, which allows local users to trigger
kfree operations and gain privileges by leveraging write access to a
/dev/fd device.  (CVE-2014-1737)

The raw_cmd_copyout function in drivers/block/floppy.c in the Linux
kernel through 3.14.3 does not properly restrict access to certain
pointers during processing of an FDRAWCMD ioctl call, which allows
local users to obtain sensitive information from kernel heap memory
by leveraging write access to a /dev/fd device. (CVE-2014-1738)

The -rt patch has been updated to rt30.

For other fixes, see the referenced changelogs.

References:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.20
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.19


Comment 1 claire robinson 2014-05-17 17:57:01 CEST
PoC: https://bugzilla.novell.com/show_bug.cgi?id=875690#c14

Whiteboard: (none) => has_procedure

Comment 2 William Kenney 2014-05-17 22:29:18 CEST
On real hardware, M4, KDE, 32-bit

Package(s) under test:
kernel-rt

default install of kernel-rt

[wilcal@localhost ~]$ uname -a
Linux localhost 3.12.18-0.rt25.1.mga4 #1 SMP PREEMPT RT Thu Apr 24 16:27:21 UTC 2014 i686 i686 i686 GNU/Linux

kernel-rt boots to a working desktop and applications work fine

install kernel-rt from updates_testing

[wilcal@localhost ~]$ uname -a
Linux localhost 3.12.20-0.rt30.1.mga4 #1 SMP PREEMPT RT Fri May 16 16:22:42 UTC 2014 i686 i686 i686 GNU/Linux

kernel-rt boots to a working desktop and applications work fine

Test platform:
Intel, P4 530J 3.0 GHz, 800MHz FSB, 1MB L2, LGA 775
GigaByte  GA-81915G Pro F4  i915G  LGA 775  MoBo
 Marvell Yukon 88E8001 Gigabit LAN
 Intel High Def Audio, Azalia (C-Media 9880) (snd-hda-intel)
 Intel Graphics Media Accelerator 900 (Intel 82915G)
Kingston 4GB (2 x 2GB) DDR400 PC-3200
250GB Seagate
Kingwin KF-91-BK SATA Mobile Rack
Kingwin KF-91-T-BK SATA Mobile Rack Tray
Sony CD/DVD-RW DWQ120AB2

CC: (none) => wilcal.int

Comment 3 claire robinson 2014-05-18 10:59:16 CEST
Tested OK mga4 32

Comment 4 claire robinson 2014-05-18 11:21:52 CEST
Testing mga4 64

broadcom-wl (6.30.223.141-2.mga4.nonfree): Installing module.
...............
.......
fglrx (13.251-1.mga4.nonfree): Installing module.
...........
.......
nvidia-current (331.49-1.mga4.nonfree): Installing module.
.......(bad exit status: 10)
  Build failed.  Installation skipped.


I'm not sure if this is due to previous problems or a generic build error.

Comment 5 claire robinson 2014-05-18 11:24:59 CEST
Sorry, kernel confusion, the above was with 3.12.18 before installing the update. Testing the update now.

Comment 6 Thomas Backlund 2014-05-18 11:26:50 CEST
Yep, it's the nvidia-current driver checking for PREEMPT kernel and bailing out, so same issue as earlier

Comment 7 claire robinson 2014-05-18 11:30:03 CEST
I was just posting the same thing, remembered as I was rebooting. Proprietary nvidia doesn't support realtime kernels, so it's expected.

mga4 64 ok

Comment 8 William Kenney 2014-05-18 18:12:11 CEST
On real hardware, M4, KDE, 64-bit

Package(s) under test:
kernel-rt

default install of kernel-rt

[wilcal@localhost ~]$ uname -a
Linux localhost 3.12.18-0.rt25.1.mga4 #1 SMP PREEMPT RT Thu Apr 24 16:44:35 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

kernel-rt boots to a working desktop and applications work fine

install kernel-rt from updates_testing

[wilcal@localhost ~]$ uname -a
Linux localhost 3.12.20-0.rt30.1.mga4 #1 SMP PREEMPT RT Fri May 16 16:33:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

kernel-rt boots to a working desktop and applications work fine

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, nouveau driver

Comment 9 William Kenney 2014-05-18 23:54:57 CEST
In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
kernel-rt

default install of kernel-rt

[wilcal@localhost ~]$ uname -a
Linux localhost 3.12.18-0.rt25.1.mga4 #1 SMP PREEMPT RT Thu Apr 24 16:27:21 UTC 2014 i686 i686 i686 GNU/Linux

kernel-rt boots to a working desktop and applications work fine

install kernel-rt from updates_testing

[wilcal@localhost ~]$ uname -a
Linux localhost 3.12.20-0.rt30.1.mga4 #1 SMP PREEMPT RT Fri May 16 16:22:42 UTC 2014 i686 i686 i686 GNU/Linux

kernel-rt boots to a working desktop and applications work fine

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, nouveau driver

Comment 10 William Kenney 2014-05-18 23:55:10 CEST
In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
kernel-rt

default install of kernel-rt

[wilcal@localhost ~]$ uname -a
Linux localhost 3.12.18-0.rt25.1.mga4 #1 SMP PREEMPT RT Thu Apr 24 16:44:35 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

kernel-rt boots to a working desktop and applications work fine

install kernel-rt from updates_testing

[wilcal@localhost ~]$ uname -a
Linux localhost 3.12.20-0.rt30.1.mga4 #1 SMP PREEMPT RT Fri May 16 16:33:27 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

kernel-rt boots to a working desktop and applications work fine

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, nouveau driver

Comment 11 claire robinson 2014-05-19 18:54:05 CEST
Advisory uploaded. Validating.

Could sysadmin please push to 4 updates.

Thanks

Keywords: (none) => validated_update
Whiteboard: has_procedure => has_procedure advisory mga4-32-ok mga4-64-ok
CC: (none) => sysadmin-bugs

Comment 12 Thomas Backlund 2014-05-19 21:03:40 CEST
Update pushed:
http://advisories.mageia.org/MGASA-2014-0227.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

