Security Advisory Important: kernel-rt security and bug fix update

Advisory: RHSA-2014:0100-1
Type: Security Advisory
Severity: Important
Issued on: 2014-01-28
Last updated on: 2014-01-28
Affected Products: Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)
CVEs ( CVE-2013-2929


Updated kernel-rt packages that fix multiple security issues and several
bugs are now available for Red Hat Enterprise MRG 2.4.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's TCP/IP protocol suite
implementation handled sending of certain UDP packets over sockets that
used the UDP_CORK option when the UDP Fragmentation Offload (UFO) feature
was enabled on the output device. A local, unprivileged user could use this
flaw to cause a denial of service or, potentially, escalate their
privileges on the system. (CVE-2013-4470, Important)

* A flaw was found in the way the perf_trace_event_perm() function in the
Linux kernel checked permissions for the function tracer functionality.
An unprivileged local user could use this flaw to enable function tracing
and cause a denial of service on the system. (CVE-2013-2930, Moderate)

* A flaw was found in the way the net_ctl_permissions() function in the
Linux kernel checked access permissions. A local, unprivileged user could
potentially use this flaw to access certain files in /proc/sys/net
regardless of the underlying file system permissions. (CVE-2013-4270,

* A flaw was found in the way the Linux kernel's Adaptec RAID controller
(aacraid) checked permissions of compat IOCTLs. A local attacker could use
this flaw to bypass intended security restrictions. (CVE-2013-6383,

* A flaw was found in the way the get_dumpable() function return value was
interpreted in the ptrace subsystem of the Linux kernel. When
'fs.suid_dumpable' was set to 2, a local, unprivileged local user could
use this flaw to bypass intended ptrace restrictions and obtain
potentially sensitive information. (CVE-2013-2929, Low)

* An invalid pointer dereference flaw was found in the Marvell 8xxx
Libertas WLAN (libertas) driver in the Linux kernel. A local user able to
write to a file that is provided by the libertas driver and located on the
debug file system (debugfs) could use this flaw to crash the system. Note:
The debugfs file system must be mounted locally to exploit this issue.
It is not mounted by default. (CVE-2013-6378, Low)

* A NULL pointer dereference flaw was found in the Linux kernel's IPv6
source address-based routing implementation. A local attacker who has the
CAP_NET_ADMIN capability could use this flaw to crash the system.
(CVE-2013-6431, Low)

Red Hat would like to thank Hannes Frederic Sowa for reporting
CVE-2013-4470. The CVE-2013-4270 issue was discovered by Miroslav Vadkerti
of Red Hat.

This update also fixes multiple bugs. Documentation for these changes will
be available shortly from the Technical Notes document linked to in the
References section.

Users should upgrade to these updated packages, which upgrade the kernel-rt
kernel to version kernel-rt-3.8.13-rt27, correct these issues, and fix the
bugs noted in the Red Hat Enterprise MRG 2 Technical Notes. The system must
be rebooted for this update to take effect.


Before applying this update, make sure all previously released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the
Red Hat Network to apply this update are available at

To install kernel packages manually, use "rpm -ivh [package]". Do not use
"rpm -Uvh" as that will remove the running kernel binaries from your
system. You may use "rpm -e" to remove old kernels after determining that
the new kernel functions properly on your system.

Updated packages

Red Hat Enterprise MRG v2 for Red Hat Enterprise Linux (version 6)

File outdated by:  RHSA-2015:1787
    MD5: 57e2ceca681bc98cbdb03390a3203f08
SHA-256: 58f2573facc586ca63e07f6acacb555ab697f69328bc0bf837b2a842e2532729
File outdated by:  RHSA-2015:1787
    MD5: 9ba7640e6e8ef39f9c8a4aac7e0a0141
SHA-256: 7e7c8c0995914e378e38a1b2d7ab6d6f8062b2792a5671b51faa2afde5433348
File outdated by:  RHSA-2015:1787
    MD5: 703872790b80c267f5c661e494d7cac6
SHA-256: b1de1846b717e17fcd896f120f6126700db6964a8c2678b941282aa0f383d8ee
File outdated by:  RHSA-2015:1787
    MD5: 7309c9c31878332d2b1db79f6327305d
SHA-256: af40ed828dafb1f69ae3ec5e07a0363f393287937b1aa8f5222d3d58f57637c5
File outdated by:  RHSA-2015:1787
    MD5: e5687475163feffa7c19bc007cd5c875
SHA-256: 885dbec6c83af3b7b6023cbe1ac659c3f0f744e2e2969642dbe3a3f7f050f132
File outdated by:  RHSA-2015:1787
    MD5: a77c16b8d35e091b9a67e72f16adfa00
SHA-256: 4516d5572b6191f33e4515b8d927612b6dd541a60cb8ea4a1317a5ad3d1c384a
File outdated by:  RHSA-2015:1787
    MD5: 0774a0214a32a16c062009ad458e986c
SHA-256: 0769e076cd91642eb053c0f2f4ff3df842cbdf23a1923834f397466522f4efe8
File outdated by:  RHSA-2015:1787
    MD5: 4e5c0c4ce7c78e98cd358f9bc691b2f5
SHA-256: 51cfb9c8db441dc0a7cb9a261de0b235e3001f5870dd973dc4c214e312cf5843
File outdated by:  RHSA-2015:1787
    MD5: 3f1583687d46919c21cf665c95c8b115
SHA-256: c6894699520fa74b6ae140fa0fc34d008450f587202bc8b4d4d19f3a9ad7cad3
File outdated by:  RHSA-2015:1787
    MD5: a4252a13e205f046233be61c309bec2d
SHA-256: 03591397c98407025afad2063b2efff5a1205006c999af33827bfe65c1c5ebfc
File outdated by:  RHSA-2015:1787
    MD5: 547687cf5132a10c01d7370289bcbaff
SHA-256: 9fc8c9f5ea5525cc8ac430ed3f93b5a77158c8501766dacaf956af934f0ef3d9
File outdated by:  RHSA-2015:1787
    MD5: f97d178b8d396f35656396187043a1ed
SHA-256: 299f4403b2c214d5e81e82d6c3bc1e1a530cca645ded300dfebd46561aada5f1
File outdated by:  RHSA-2015:1787
    MD5: 5c085fe7d65c1080be5237f876c299e0
SHA-256: e86bf59081024305dad08a8e9864811e99e552ee8e2653e9a5875f73ff4209ab
File outdated by:  RHSA-2015:1787
    MD5: d9ee4d22af50b720b4be7ab65318599d
SHA-256: 183100f1080e6b925401b3f780948f9f990812b56122f916b63d513279671192
File outdated by:  RHSA-2015:1787
    MD5: 299c0520d4e69fd571d0c7be5fcc3454
SHA-256: 9182b3c8b0306475125f12e703ef1d3119d15153a94ce026029817173f4ab5c0
File outdated by:  RHSA-2015:1787
    MD5: 26213bafb3d83f8b7935fe8a55dbadfe
SHA-256: 5f564c4485f560f231c48c46f43800736737167a02d8ce3da700c184c4a22051
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

1016729 - Apply IB performance patches to 3.8 realtime kernel
1023477 - CVE-2013-4470 Kernel: net: memory corruption with UDP_CORK and UFO
1027752 - CVE-2013-4270 kernel: net: permissions flaw in /proc/sys/net
1027778 - CVE-2013-2930 kernel: perf/ftrace: insufficient check in perf_trace_event_perm()
1028148 - CVE-2013-2929 kernel: exec/ptrace: get_dumpable() incorrect tests
1033530 - CVE-2013-6383 Kernel: AACRAID Driver compat IOCTL missing capability check
1033578 - CVE-2013-6378 Kernel: drivers: libertas: potential oops in debugfs
1037770 - Recent -rt kernels compiled without CONFIG_NETFILTER_XT_MATCH_ADDRTYPE
1039054 - CVE-2013-6431 kernel: net: fib: fib6_add: potential NULL pointer dereference
1039743 - kernel: panic when unloading ip6_tunnel module


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at