CentOSPlus kernel that mitigates CVE-2014-4699 now available

Saturday, 19 July 2014 | Akemi Yagi | kernel, security

CVE-2014-4699:
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.

This issue affects CentOS-6 and -7 kernels. An upstream fix has now been applied to the CentOSPlus kernels.

CentOS-6:
kernel-2.6.32-431.20.3.0.1.el6.centos.plus.x86_64.rpm
kernel-2.6.32-431.20.3.0.1.el6.centos.plus.i686.rpm

CentOS-7:
kernel-plus-3.10.0-123.4.2.el7.centos.plus.0.1.x86_64.rpm

One thought on "CentOSPlus kernel that mitigates CVE-2014-4699 now available"

  1. Andre Gompel says:

    1) CentOS 7 install is buggy (GRUB assigns the wrong UUID)

    2) So far, no Broadcom package is available for WiFi (broadcom-wl-xxxx.rpm); the Fedora package does not install.

    Several HP and Dell notebooks use the Broadcom chip. And Broadcom no longer provides a package (the source build+install is overly complex).
