Advisory: This kernel update is based on upstream -longterm 3.10.60 and fixes the following security issues: The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non- canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, related to the wrmsr_interception function in arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c (CVE-2014-3610). Race condition in the __kvm_migrate_pit_timer function in arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through 3.17.2 allows guest OS users to cause a denial of service (host OS crash) by leveraging incorrect PIT emulation (CVE-2014-3611). arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through 3.17.2 does not properly perform RIP changes, which allows guest OS users to cause a denial of service (guest OS crash) via a crafted application (CVE-2014-3647). For other upstream changes, read the referenced changelogs. References: https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.59 https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.10.60 SRPMS: kernel-3.10.60-1.mga3.src.rpm kernel-userspace-headers-3.10.60-1.mga3.src.rpm kmod-vboxadditions-4.3.18-3.mga3.src.rpm kmod-virtualbox-4.3.18-3.mga3.src.rpm kmod-xtables-addons-2.3-25.mga3.src.rpm kmod-broadcom-wl-6.30.223.141-25.mga3.nonfree.src.rpm kmod-fglrx-13.251-15.mga3.nonfree.src.rpm kmod-nvidia173-173.14.38-39.mga3.nonfree.src.rpm kmod-nvidia304-304.108-25.mga3.nonfree.src.rpm kmod-nvidia-current-319.60-25.mga3.nonfree.src.rpm i586: cpupower-3.10.60-1.mga3.i586.rpm cpupower-devel-3.10.60-1.mga3.i586.rpm kernel-desktop-3.10.60-1.mga3-1-1.mga3.i586.rpm kernel-desktop586-3.10.60-1.mga3-1-1.mga3.i586.rpm kernel-desktop586-devel-3.10.60-1.mga3-1-1.mga3.i586.rpm kernel-desktop586-devel-latest-3.10.60-1.mga3.i586.rpm kernel-desktop586-latest-3.10.60-1.mga3.i586.rpm kernel-desktop-devel-3.10.60-1.mga3-1-1.mga3.i586.rpm kernel-desktop-devel-latest-3.10.60-1.mga3.i586.rpm kernel-desktop-latest-3.10.60-1.mga3.i586.rpm kernel-doc-3.10.60-1.mga3.noarch.rpm kernel-server-3.10.60-1.mga3-1-1.mga3.i586.rpm kernel-server-devel-3.10.60-1.mga3-1-1.mga3.i586.rpm kernel-server-devel-latest-3.10.60-1.mga3.i586.rpm kernel-server-latest-3.10.60-1.mga3.i586.rpm kernel-source-3.10.60-1.mga3-1-1.mga3.noarch.rpm kernel-source-latest-3.10.60-1.mga3.noarch.rpm kernel-userspace-headers-3.10.60-1.mga3.i586.rpm perf-3.10.60-1.mga3.i586.rpm vboxadditions-kernel-3.10.60-desktop-1.mga3-4.3.18-3.mga3.i586.rpm vboxadditions-kernel-3.10.60-desktop586-1.mga3-4.3.18-3.mga3.i586.rpm vboxadditions-kernel-3.10.60-server-1.mga3-4.3.18-3.mga3.i586.rpm vboxadditions-kernel-desktop586-latest-4.3.18-3.mga3.i586.rpm vboxadditions-kernel-desktop-latest-4.3.18-3.mga3.i586.rpm vboxadditions-kernel-server-latest-4.3.18-3.mga3.i586.rpm virtualbox-kernel-3.10.60-desktop-1.mga3-4.3.18-3.mga3.i586.rpm virtualbox-kernel-3.10.60-desktop586-1.mga3-4.3.18-3.mga3.i586.rpm virtualbox-kernel-3.10.60-server-1.mga3-4.3.18-3.mga3.i586.rpm virtualbox-kernel-desktop586-latest-4.3.18-3.mga3.i586.rpm virtualbox-kernel-desktop-latest-4.3.18-3.mga3.i586.rpm virtualbox-kernel-server-latest-4.3.18-3.mga3.i586.rpm xtables-addons-kernel-3.10.60-desktop-1.mga3-2.3-25.mga3.i586.rpm xtables-addons-kernel-3.10.60-desktop586-1.mga3-2.3-25.mga3.i586.rpm xtables-addons-kernel-3.10.60-server-1.mga3-2.3-25.mga3.i586.rpm xtables-addons-kernel-desktop586-latest-2.3-25.mga3.i586.rpm xtables-addons-kernel-desktop-latest-2.3-25.mga3.i586.rpm xtables-addons-kernel-server-latest-2.3-25.mga3.i586.rpm broadcom-wl-kernel-3.10.60-desktop-1.mga3-6.30.223.141-25.mga3.nonfree.i586.rpm broadcom-wl-kernel-3.10.60-desktop586-1.mga3-6.30.223.141-25.mga3.nonfree.i586.rpm broadcom-wl-kernel-3.10.60-server-1.mga3-6.30.223.141-25.mga3.nonfree.i586.rpm broadcom-wl-kernel-desktop586-latest-6.30.223.141-25.mga3.nonfree.i586.rpm broadcom-wl-kernel-desktop-latest-6.30.223.141-25.mga3.nonfree.i586.rpm broadcom-wl-kernel-server-latest-6.30.223.141-25.mga3.nonfree.i586.rpm fglrx-kernel-3.10.60-desktop-1.mga3-13.251-15.mga3.nonfree.i586.rpm fglrx-kernel-3.10.60-desktop586-1.mga3-13.251-15.mga3.nonfree.i586.rpm fglrx-kernel-3.10.60-server-1.mga3-13.251-15.mga3.nonfree.i586.rpm fglrx-kernel-desktop586-latest-13.251-15.mga3.nonfree.i586.rpm fglrx-kernel-desktop-latest-13.251-15.mga3.nonfree.i586.rpm fglrx-kernel-server-latest-13.251-15.mga3.nonfree.i586.rpm nvidia173-kernel-3.10.60-desktop-1.mga3-173.14.38-39.mga3.nonfree.i586.rpm nvidia173-kernel-3.10.60-desktop586-1.mga3-173.14.38-39.mga3.nonfree.i586.rpm nvidia173-kernel-3.10.60-server-1.mga3-173.14.38-39.mga3.nonfree.i586.rpm nvidia173-kernel-desktop586-latest-173.14.38-39.mga3.nonfree.i586.rpm nvidia173-kernel-desktop-latest-173.14.38-39.mga3.nonfree.i586.rpm nvidia173-kernel-server-latest-173.14.38-39.mga3.nonfree.i586.rpm nvidia304-kernel-3.10.60-desktop-1.mga3-304.108-25.mga3.nonfree.i586.rpm nvidia304-kernel-3.10.60-desktop586-1.mga3-304.108-25.mga3.nonfree.i586.rpm nvidia304-kernel-3.10.60-server-1.mga3-304.108-25.mga3.nonfree.i586.rpm nvidia304-kernel-desktop586-latest-304.108-25.mga3.nonfree.i586.rpm nvidia304-kernel-desktop-latest-304.108-25.mga3.nonfree.i586.rpm nvidia304-kernel-server-latest-304.108-25.mga3.nonfree.i586.rpm nvidia-current-kernel-3.10.60-desktop-1.mga3-319.60-25.mga3.nonfree.i586.rpm nvidia-current-kernel-3.10.60-desktop586-1.mga3-319.60-25.mga3.nonfree.i586.rpm nvidia-current-kernel-3.10.60-server-1.mga3-319.60-25.mga3.nonfree.i586.rpm nvidia-current-kernel-desktop586-latest-319.60-25.mga3.nonfree.i586.rpm nvidia-current-kernel-desktop-latest-319.60-25.mga3.nonfree.i586.rpm nvidia-current-kernel-server-latest-319.60-25.mga3.nonfree.i586.rpm x86_64: cpupower-3.10.60-1.mga3.x86_64.rpm cpupower-devel-3.10.60-1.mga3.x86_64.rpm kernel-desktop-3.10.60-1.mga3-1-1.mga3.x86_64.rpm kernel-desktop-devel-3.10.60-1.mga3-1-1.mga3.x86_64.rpm kernel-desktop-devel-latest-3.10.60-1.mga3.x86_64.rpm kernel-desktop-latest-3.10.60-1.mga3.x86_64.rpm kernel-doc-3.10.60-1.mga3.noarch.rpm kernel-server-3.10.60-1.mga3-1-1.mga3.x86_64.rpm kernel-server-devel-3.10.60-1.mga3-1-1.mga3.x86_64.rpm kernel-server-devel-latest-3.10.60-1.mga3.x86_64.rpm kernel-server-latest-3.10.60-1.mga3.x86_64.rpm kernel-source-3.10.60-1.mga3-1-1.mga3.noarch.rpm kernel-source-latest-3.10.60-1.mga3.noarch.rpm kernel-userspace-headers-3.10.60-1.mga3.x86_64.rpm perf-3.10.60-1.mga3.x86_64.rpm vboxadditions-kernel-3.10.60-desktop-1.mga3-4.3.18-3.mga3.x86_64.rpm vboxadditions-kernel-3.10.60-server-1.mga3-4.3.18-3.mga3.x86_64.rpm vboxadditions-kernel-desktop-latest-4.3.18-3.mga3.x86_64.rpm vboxadditions-kernel-server-latest-4.3.18-3.mga3.x86_64.rpm virtualbox-kernel-3.10.60-desktop-1.mga3-4.3.18-3.mga3.x86_64.rpm virtualbox-kernel-3.10.60-server-1.mga3-4.3.18-3.mga3.x86_64.rpm virtualbox-kernel-desktop-latest-4.3.18-3.mga3.x86_64.rpm virtualbox-kernel-server-latest-4.3.18-3.mga3.x86_64.rpm xtables-addons-kernel-3.10.60-desktop-1.mga3-2.3-25.mga3.x86_64.rpm xtables-addons-kernel-3.10.60-server-1.mga3-2.3-25.mga3.x86_64.rpm xtables-addons-kernel-desktop-latest-2.3-25.mga3.x86_64.rpm xtables-addons-kernel-server-latest-2.3-25.mga3.x86_64.rpm broadcom-wl-kernel-3.10.60-desktop-1.mga3-6.30.223.141-25.mga3.nonfree.x86_64.rpm broadcom-wl-kernel-3.10.60-server-1.mga3-6.30.223.141-25.mga3.nonfree.x86_64.rpm broadcom-wl-kernel-desktop-latest-6.30.223.141-25.mga3.nonfree.x86_64.rpm broadcom-wl-kernel-server-latest-6.30.223.141-25.mga3.nonfree.x86_64.rpm fglrx-kernel-3.10.60-desktop-1.mga3-13.251-15.mga3.nonfree.x86_64.rpm fglrx-kernel-3.10.60-server-1.mga3-13.251-15.mga3.nonfree.x86_64.rpm fglrx-kernel-desktop-latest-13.251-15.mga3.nonfree.x86_64.rpm fglrx-kernel-server-latest-13.251-15.mga3.nonfree.x86_64.rpm nvidia173-kernel-3.10.60-desktop-1.mga3-173.14.38-39.mga3.nonfree.x86_64.rpm nvidia173-kernel-3.10.60-server-1.mga3-173.14.38-39.mga3.nonfree.x86_64.rpm nvidia173-kernel-desktop-latest-173.14.38-39.mga3.nonfree.x86_64.rpm nvidia173-kernel-server-latest-173.14.38-39.mga3.nonfree.x86_64.rpm nvidia304-kernel-3.10.60-desktop-1.mga3-304.108-25.mga3.nonfree.x86_64.rpm nvidia304-kernel-3.10.60-server-1.mga3-304.108-25.mga3.nonfree.x86_64.rpm nvidia304-kernel-desktop-latest-304.108-25.mga3.nonfree.x86_64.rpm nvidia304-kernel-server-latest-304.108-25.mga3.nonfree.x86_64.rpm nvidia-current-kernel-3.10.60-desktop-1.mga3-319.60-25.mga3.nonfree.x86_64.rpm nvidia-current-kernel-3.10.60-server-1.mga3-319.60-25.mga3.nonfree.x86_64.rpm nvidia-current-kernel-desktop-latest-319.60-25.mga3.nonfree.x86_64.rpm nvidia-current-kernel-server-latest-319.60-25.mga3.nonfree.x86_64.rpm Reproducible: Steps to Reproduce:
Tested fine with kernel-desktop in Virtualbox, on my older PogoLinux machine at home, and on my Dell Inspiron 600m laptop, and with kernel-server in VMWare, my newer PogoLinux machine at home, and my Dell Optiplex 990 at work. All Mageia 3 i586.
Whiteboard: (none) => MGA3-32-OK
on https://wiki.mageia.org/en/User:Marja/QA/Hardware#NVidia_system_from_Alternate updated the following packages to the mentioned versions: cpupower-3.10.60-1.mga3.x86_64 kernel-desktop-3.10.60-1.mga3-1-1.mga3.x86_64 kernel-desktop-devel-3.10.60-1.mga3-1-1.mga3.x86_64 kernel-desktop-devel-latest-3.10.60-1.mga3.x86_64 kernel-desktop-latest-3.10.60-1.mga3.x86_64 kernel-userspace-headers-3.10.60-1.mga3.x86_64 nvidia-current-kernel-3.10.60-desktop-1.mga3-319.60-25.mga3.nonfree.x86_64 nvidia-current-kernel-desktop-latest-319.60-25.mga3.nonfree.x86_64 After reboot, using the proprietary NVidia driver, everything looks OK: LAN, Firefox, VLC (sound + video + subtitles), konsole, switching to a text tty and running "top" there all work fine.
CC: (none) => marja11
Validating now. Could someone please upload the advisory? Sysadmins, you can push this to core/updates on the advisory is uploaded. Thanks.
Keywords: (none) => validated_updateWhiteboard: MGA3-32-OK => MGA3-32-OK MGA3-64-OKCC: (none) => sysadmin-bugs
Advisory uploaded.
CC: (none) => remiWhiteboard: MGA3-32-OK MGA3-64-OK => MGA3-32-OK MGA3-64-OK advisory
An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2014-0475.html
Status: NEW => RESOLVEDResolution: (none) => FIXED