Three security issues and a vulnerability have been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service)

1) A security issue is caused due to an error within the "udp_get_next()" function in net/ipv4/udp.c when trying to unlock a not yet locked spinlock. This can be exploited to crash a system by e.g. reading zero bytes from "/proc/net/udp/".

2) A vulnerability is caused due to the "vmx_set_msr()" function in arch/x86/kvm/vmx.c not properly restricting access to the EFER register, which can be exploited to e.g. crash the system.

3) An error within the "__inet6_check_established()" function in net/ipv6/inet6_hashtables.c can be exploited to cause a NULL pointer dereference and crash the system.

Successful exploitation requires that "NET_NS" is enabled.

4) The "pci_register_iommu_region()" function in arch/sparc/kernel/pci_common.c does not properly initialise certain data structures. This can be exploited to cause a crash by e.g. reading from "/proc/iomem/".

Successful exploitation requires a SPARC64 architecture.

Solution
Update to version 2.6.29.1.

Provided and/or discovered by
1, 4) Reported by the vendor.
3) Adam Goode
2) Benjamin Gilbert

Changelog
Further details available in Customer Area

Original Advisory
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.29.1
3) https://bugzilla.redhat.com/show_bug.cgi?id=486889
4) http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=192d7a4667c6d11d1a174ec4cad9a3c5d5f9043c

Deep Links
Links available in Customer Area