Bug 15223 - Update request: kernel-tmb-3.14.32-1.mga4
Summary: Update request: kernel-tmb-3.14.32-1.mga4
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 4
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: advisory MGA4-32-OK MGA4-64-OK
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-02-07 14:24 CET by Thomas Backlund
Modified: 2015-02-19 15:43 CET (History)
3 users (show)

See Also:
Source RPM: kernel-tmb-3.14.32-1.mga4.src.rpm
CVE:
Status comment:


Attachments

Description Thomas Backlund 2015-02-07 14:24:53 CET
New round for testing, advisory will follow...

SRPMS:
kernel-tmb-3.14.32-1.mga4.src.rpm



i586:
kernel-tmb-desktop-3.14.32-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-desktop586-3.14.32-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-desktop586-devel-3.14.32-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-desktop586-devel-latest-3.14.32-1.mga4.i586.rpm
kernel-tmb-desktop586-latest-3.14.32-1.mga4.i586.rpm
kernel-tmb-desktop-devel-3.14.32-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-desktop-devel-latest-3.14.32-1.mga4.i586.rpm
kernel-tmb-desktop-latest-3.14.32-1.mga4.i586.rpm
kernel-tmb-laptop-3.14.32-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-laptop-devel-3.14.32-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-laptop-devel-latest-3.14.32-1.mga4.i586.rpm
kernel-tmb-laptop-latest-3.14.32-1.mga4.i586.rpm
kernel-tmb-server-3.14.32-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-server-devel-3.14.32-1.mga4-1-1.mga4.i586.rpm
kernel-tmb-server-devel-latest-3.14.32-1.mga4.i586.rpm
kernel-tmb-server-latest-3.14.32-1.mga4.i586.rpm
kernel-tmb-source-3.14.32-1.mga4-1-1.mga4.noarch.rpm
kernel-tmb-source-latest-3.14.32-1.mga4.noarch.rpm



x86_64:
kernel-tmb-desktop-3.14.32-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-desktop-devel-3.14.32-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-desktop-devel-latest-3.14.32-1.mga4.x86_64.rpm
kernel-tmb-desktop-latest-3.14.32-1.mga4.x86_64.rpm
kernel-tmb-laptop-3.14.32-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-laptop-devel-3.14.32-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-laptop-devel-latest-3.14.32-1.mga4.x86_64.rpm
kernel-tmb-laptop-latest-3.14.32-1.mga4.x86_64.rpm
kernel-tmb-server-3.14.32-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-server-devel-3.14.32-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-server-devel-latest-3.14.32-1.mga4.x86_64.rpm
kernel-tmb-server-latest-3.14.32-1.mga4.x86_64.rpm
kernel-tmb-source-3.14.32-1.mga4-1-1.mga4.noarch.rpm
kernel-tmb-source-latest-3.14.32-1.mga4.noarch.rpm


Reproducible: 

Steps to Reproduce:
Comment 1 Thomas Backlund 2015-02-12 20:03:43 CET
Advisory:

This kernel-tmb update is based on upstream -longterm 3.14.32 and fixes the 
following security issues:

The microcode on AMD 16h 00h through 0Fh processors does not properly handle
the interaction between locked instructions and write-combined memory types,
which allows local users to cause a denial of service (system hang) via a
crafted application, aka the errata 793 issue (CVE-2013-6885)

The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel
through 3.16.1 miscalculates the number of pages during the handling of
a mapping failure, which allows guest OS users to (1) cause a denial of
service (host OS memory corruption) or possibly have unspecified other
impact by triggering a large gfn value or (2) cause a denial of service
(host OS memory consumption) by triggering a small gfn value that leads
to permanently pinned pages (CVE-2014-3601).

The WRMSR processing functionality in the KVM subsystem in the Linux
kernel through 3.17.2 does not properly handle the writing of a non-
canonical address to a model-specific register, which allows guest OS
users to cause a denial of service (host OS crash) by leveraging guest
OS privileges, related to the wrmsr_interception function in
arch/x86/kvm/svm.c and the handle_wrmsr function in arch/x86/kvm/vmx.c
(CVE-2014-3610).

Race condition in the __kvm_migrate_pit_timer function in
arch/x86/kvm/i8254.c in the KVM subsystem in the Linux kernel through
3.17.2 allows guest OS users to cause a denial of service (host OS crash)
by leveraging incorrect PIT emulation (CVE-2014-3611).

arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel through 3.17.2
does not have an exit handler for the INVVPID instruction, which allows
guest OS users to cause a denial of service (guest OS crash) via a crafted
application (CVE-2014-3646).

arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel through
3.17.2 does not properly perform RIP changes, which allows guest OS users
to cause a denial of service (guest OS crash) via a crafted application
(CVE-2014-3647).

The pivot_root implementation in fs/namespace.c in the Linux kernel through
3.17 does not properly interact with certain locations of a chroot directory,
which allows local users to cause a denial of service (mount-tree loop) via
. (dot) values in both arguments to the pivot_root system call
(CVE-2014-7970).

arch/x86/kernel/tls.c in the Thread Local Storage (TLS) implementation in
the Linux kernel through 3.18.1 allows local users to bypass the espfix
protection mechanism, and consequently makes it easier for local users to
bypass the ASLR protection mechanism, via a crafted application that makes
a set_thread_area system call and later reads a 16-bit value (CVE-2014-8133).

The paravirt_ops_setup function in arch/x86/kernel/kvm.c in the Linux kernel
through 3.18 uses an improper paravirt_enabled setting for KVM guest kernels,
which makes it easier for guest OS users to bypass the ASLR protection
mechanism via a crafted application that reads a 16-bit value (CVE-2014-8134).

The Linux kernel through 3.17.4 does not properly restrict dropping of
supplemental group memberships in certain namespace scenarios, which allows
local users to bypass intended file permissions by leveraging a POSIX ACL
containing an entry for the group category that is more restrictive than
the entry for the other category, aka a "negative groups" issue, related to
kernel/groups.c, kernel/uid16.c, and kernel/user_namespace.c (CVE-2014-8989).

arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly
handle faults associated with the Stack Segment (SS) segment register, which
 allows local users to gain privileges by triggering an IRET instruction that
leads to access to a GS Base address from the wrong space (CVE-2014-9322).

On x86_64 Linux kernels a malicious user program can do a partial ASLR
bypass through TLS base addresses leak when attacking other programs
(CVE-2014-9419).

Linux kernel built with the iso9660 file system (CONFIG_ISO9660_FS) support
is vulnerable to an infinite recursion loop flaw, which could lead to a
crash or render a system unresponsive/unusable after a while. This occurs
while mounting an iso9660 image. An unprivileged user/process could use
this flaw to crash the system resulting in DoS (CVE-2014-9420).

The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in
the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an
incorrect length field during a calculation of an amount of memory, which
allows remote attackers to cause a denial of service (mesh-node system crash)
via fragmented packets (CVE-2014-9428).

Race condition in the key_gc_unused_keys function in security/keys/gc.c
in the Linux kernel through 3.18.2 allows local users to cause a denial
of service (memory corruption or panic) or possibly have unspecified other
impact via keyctl commands that trigger access to a key structure member
during garbage collection of a key (CVE-2014-9529).

The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux
kernel before 3.18.2 does not validate a length value in the Extensions
Reference (ER) System Use Field, which allows local users to obtain sensitive
information from kernel memory via a crafted iso9660 image (CVE-2014-9584).

The vdso_addr function in arch/x86/vdso/vma.c in the Linux kernel through
3.18.2 does not properly choose memory locations for the vDSO area, which
makes it easier for local users to bypass the ASLR protection mechanism by
guessing a location at the end of a PMD (CVE-2014-9585).

Linux Kernel 2.6.38 through 3.18 are affected by a flaw in the Crypto API
that allows any local user to load any installed kernel module on systems
where CONFIG_CRYPTO_USER_API=y by abusing the request_module() call
(CVE-2013-7421, CVE-2014-9644).

When hitting an sctp INIT collision case during the 4WHS with AUTH enabled,
it can create a local denial of service by triggering a panic on server side
(CVE-2015-1421).

It was found that routing packets to too many different dsts/too fast can
lead to a excessive resource consumption. A remote attacker can use this
flaw to crash the system (CVE-2015-1465).

For other fixes in this update, see the referenced changelogs.


References:
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.24
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.25
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.26
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.27
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.28
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.29
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.30
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.31
https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.14.32
Comment 2 William Kenney 2015-02-13 17:06:25 CET
In VirtualBox, M4, KDE, 32-bit

Package(s) under test:
kernel-tmb-desktop-latest dbus dbus-x11 libdbus1_3 glibc

default install of kernel-tmb-desktop-latest dbus dbus-x11 libdbus1_3 glibc

[root@localhost wilcal]# uname -a
Linux localhost 3.14.23-tmb-desktop-1.mga4 #1 SMP PREEMPT Sun Nov 2 10:18:00 UTC 2014 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-3.14.23-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi dbus
Package dbus-1.6.18-1.8.mga4.i586 is already installed
[root@localhost wilcal]# urpmi dbus-x11
Package dbus-x11-1.6.18-1.8.mga4.i586 is already installed
[root@localhost wilcal]# urpmi libdbus1_3
Package libdbus1_3-1.6.18-1.8.mga4.i586 is already installed
[root@localhost wilcal]# urpmi glibc
Package glibc-2.18-9.8.mga4.i586 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

install kernel-tmb-desktop-latest dbus dbus-x11 libdbus1_3 glibc from updates_testing

[root@localhost wilcal]# uname -a
Linux localhost 3.14.32-tmb-desktop-1.mga4 #1 SMP PREEMPT Sat Feb 7 00:43:59 UTC 2015 i686 i686 i686 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-3.14.32-1.mga4.i586 is already installed
[root@localhost wilcal]# urpmi dbus
Package dbus-1.6.18-1.10.mga4.i586 is already installed
[root@localhost wilcal]# urpmi dbus-x11
Package dbus-x11-1.6.18-1.10.mga4.i586 is already installed
[root@localhost wilcal]# urpmi libdbus1_3
Package libdbus1_3-1.6.18-1.10.mga4.i586 is already installed
[root@localhost wilcal]# urpmi glibc
Package glibc-2.18-9.9.mga4.i586 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64

CC: (none) => wilcal.int
Whiteboard: (none) => MGA4-32-OK

Comment 3 William Kenney 2015-02-13 17:33:00 CET
In VirtualBox, M4, KDE, 64-bit

Package(s) under test:
kernel-tmb-desktop-latest dbus dbus-x11 lib64dbus1_3 glibc

default install of kernel-tmb-desktop-latest dbus dbus-x11 lib64dbus1_3 glibc

[root@localhost wilcal]# uname -a
Linux localhost 3.14.23-tmb-desktop-1.mga4 #1 SMP PREEMPT Sun Nov 2 10:10:33 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-3.14.23-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi dbus
Package dbus-1.6.18-1.8.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi dbus-x11
Package dbus-x11-1.6.18-1.8.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbus1_3
Package lib64dbus1_3-1.6.18-1.8.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi glibc
Package glibc-2.18-9.8.mga4.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

install kernel-tmb-desktop-latest dbus dbus-x11 lib64dbus1_3 glibc from updates_testing

[root@localhost wilcal]# uname -a
Linux localhost 3.14.32-tmb-desktop-1.mga4 #1 SMP PREEMPT Sat Feb 7 01:52:28 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
[root@localhost wilcal]# urpmi kernel-tmb-desktop-latest
Package kernel-tmb-desktop-latest-3.14.32-1.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi dbus
Package dbus-1.6.18-1.10.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi dbus-x11
Package dbus-x11-1.6.18-1.10.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi lib64dbus1_3
Package lib64dbus1_3-1.6.18-1.10.mga4.x86_64 is already installed
[root@localhost wilcal]# urpmi glibc
Package glibc-2.18-9.9.mga4.x86_64 is already installed

System boots to a working desktop. Common apps work. Screen dimensions are correct.

Test platform:
Intel Core i7-2600K Sandy Bridge 3.4GHz
GIGABYTE GA-Z68X-UD3-B3 LGA 1155 MoBo
GIGABYTE GV-N440D3-1GI Nvidia GeForce GT 440 (Fermi) 1GB
RTL8111/8168B PCI Express 1Gbit Ethernet
DRAM 16GB (4 x 4GB)
Mageia 4 64-bit, Nvidia driver
virtualbox-4.3.10-1.1.mga4.x86_64
virtualbox-guest-additions-4.3.10-1.1.mga4.x86_64

Whiteboard: MGA4-32-OK => MGA4-32-OK MGA4-64-OK

Comment 4 claire robinson 2015-02-13 19:51:04 CET
Advisory uploaded.

Several kernels still to test with this one

Whiteboard: MGA4-32-OK MGA4-64-OK => advisory MGA4-32-OK MGA4-64-OK

Comment 5 olivier charles 2015-02-17 13:29:35 CET
Testing on Mageia4x64 real hardware

On a clean and updated install,

Updated to testing packages :
---------------------------
kernel-tmb-desktop-3.14.32-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-desktop-devel-3.14.32-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-desktop-devel-latest-3.14.32-1.mga4.x86_64.rpm
kernel-tmb-desktop-latest-3.14.32-1.mga4.x86_64.rpm

On reboot, this kernel was not used though it appears in /boot/grub/menu.lst

By comparison, on same installation, updating to usual kernel-desktop-3.14.32-1.mga4-1-1.mga4.x86_64, it rebooted directly in new kernel.

Using grub on partition, multiboot being managed by another distro (ubuntu) by grub2.

Neither with tmb nor usual kernel did I update-grub2 in ubuntu.

Question : is it expected behaviour ?

CC: (none) => olchal

Comment 6 olivier charles 2015-02-17 14:24:37 CET
Answer to myself, in grub, the entry points toward linux /boot/vmlinuz which is a link to latest desktop "usual" kernel, and not tmb kernel.

Sorry :(
Comment 7 olivier charles 2015-02-17 15:07:38 CET
Resumed my testing on Mageia4x64 real hardware (intel core i3, Nvidia 750 GTX)

With :
kernel-tmb-desktop-3.14.32-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-desktop-devel-3.14.32-1.mga4-1-1.mga4.x86_64.rpm
kernel-tmb-desktop-devel-latest-3.14.32-1.mga4.x86_64.rpm
kernel-tmb-desktop-latest-3.14.32-1.mga4.x86_64.rpm

Reboot hangs up with :

Sorry, but there has been a problem starting your graphical display.
Can enter a console and run drakx11, but nvidia driver and screen already properly set.

Went back to Mageia4x64 3.14.27 kernel and installed testing Nvidia drivers (which brought along kernel-desktop-3.14.32-1)

Rebooted choosing tmb kernel, same problem as before, drakx11 showing all was already installed.

Rebooted in 3-14.32-1 "usual" kernel-desktop, which works OK.

Note : dbus and x11-server are not updated to testing packages on this installation.

Conclusion : tmb testing desktop kernel not working for me.
Comment 8 David Walser 2015-02-17 15:35:34 CET
Do you have the dkms package for your nvidia module installed?
Comment 9 olivier charles 2015-02-17 16:15:57 CET
(In reply to David Walser from comment #8)
> Do you have the dkms package for your nvidia module installed?

Yes I think I have :
NVIDIA Driver Version: 331.113

$ rpm -q dkms-nvidia-current
dkms-nvidia-current-331.113-1.mga4.nonfree

$ rpm -q nvidia-current-kernel-desktop-latest
nvidia-current-kernel-desktop-latest-331.113-3.mga4.nonfree
Comment 10 claire robinson 2015-02-17 16:41:00 CET
"dkms status | sort" as root will list all installed dkms/kmod modules. It shows "Installed from binary" for the pre-built kmod modules and "installed" for modules built by dkms.

You should be able to see if it has built for this kernel.
Comment 11 olivier charles 2015-02-17 16:48:08 CET
Yes, "dkms status | sort" gives me a warning with 3.14.32-tmb-desktop :

# dkms status | sort
nvidia-current, 331.113-1.mga4.nonfree, 3.14.27-desktop-1.mga4, x86_64: installed 
nvidia-current, 331.113-1.mga4.nonfree, 3.14.27-desktop-1.mga4, x86_64: installed-binary from 3.14.27-desktop-1.mga4
nvidia-current, 331.113-1.mga4.nonfree, 3.14.32-desktop-1.mga4, x86_64: installed-binary from 3.14.32-desktop-1.mga4
nvidia-current, 331.113-1.mga4.nonfree, 3.14.32-tmb-desktop-1.mga4, x86_64: installed  (WARNING! Diff between built and installed module!) (WARNING! Diff between built and installed module!)
nvidia-current, 331.79-1.mga4.nonfree, 3.12.21-desktop-2.mga4, x86_64: installed-binary from 3.12.21-desktop-2.mga4
Comment 12 claire robinson 2015-02-17 16:53:56 CET
We've run into this before. urpme dkms-nvidia-current && urpmi dkms-nvidia-current will fix it but it's a known issue. I'll see if I can find the bug again.

You may have to reconfigure X once you've reinstalled the package.
Comment 13 claire robinson 2015-02-17 16:58:23 CET
bug 10771
Comment 14 olivier charles 2015-02-17 17:21:06 CET
Thanks Claire, that worked (urpme and then urpmi dkms-nvidia-current).

"dkms status | sort" does not show any errors anymore and nvidia driver is enabled. I did not have to reconfigure X.

$ uname -a
Linux localhost 3.14.32-tmb-desktop-1.mga4 #1 SMP PREEMPT Sat Feb 7 01:52:28 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Nothing to report in dmesg, journalctl or systemctl -a.
Display, sound, network OK
Comment 15 claire robinson 2015-02-17 17:25:53 CET
Good. It's a result of previous kernel testing but the issue is the dkms module not being correctly uninstalled & removed when the kernel itself is uninstalled.

I've bumped bug 10771 to be a cauldron bug as it was still against mga3.
Comment 16 claire robinson 2015-02-17 18:23:06 CET
Just a reminder there are still server, laptop and desktop586 kernels to test before we can validate this one.
Comment 17 olivier charles 2015-02-18 21:09:06 CET
Testing on Mageia 4x32 real hardware (intel core i3 , nvidia 750 GTX)

- kernel-tmb-server-3.14.32-1.mga4-1-1.mga4.i586
- kernel-tmb-server-devel-3.14.32-1.mga4-1-1.mga4.i586
- kernel-tmb-server-devel-latest-3.14.32-1.mga4.i586
- kernel-tmb-server-latest-3.14.32-1.mga4.i586

Reboot OK, dmesg, systemctl and journalctl -a OK
Sound, internet, usb OK
Display and screen OK, nvidia proprietary driver functionnal

# dkms status | sort
(...)
nvidia-current, 331.113-1.mga4.nonfree, 3.14.32-tmb-server-1.mga4, i586: installed 

No need to reinstall dkms-nvidia this time.

OK for me.
Comment 18 claire robinson 2015-02-19 11:40:47 CET
Testing complete kernel-tmb-laptop i586 on Pentium M 1.6 centrino laptop.
Comment 19 claire robinson 2015-02-19 12:06:27 CET
Testing complete kernel-tmb-desktop586 and kernel-tmb-desktop same hardware.
Comment 20 claire robinson 2015-02-19 13:42:17 CET
Validating.

Please push to 4 updates

Thanks

Keywords: (none) => validated_update
CC: (none) => sysadmin-bugs

Comment 21 Mageia Robot 2015-02-19 15:43:48 CET
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0076.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED


Note You need to log in before you can comment on or make changes to this bug.