kernel: multiple vulnerabilities

From the Red Hat bug reports:

CVE-2014-7843 - It was found that a read of n*PAGE_SIZE+1 from /dev/zero will cause the kernel to panic due to an unhandled exception since it's not handling the single byte case with a fixup (anything larger than a single byte will properly fault.) A local, unprivileged user could use this flaw to crash the system.

CVE-2014-7842 - It was found that reporting emulation failures to user space can lead to either local or L2->L1 DoS. In the case of local DoS attacker needs access to MMIO area or be able to generate port access. Please note that on certain systems HPET is mapped to userspace as part of vdso (vvar) and thus an unprivileged user may generate MMIO transactions (and enter the emulator) this way.

CVE-2014-7841 - An SCTP server doing ASCONF will panic on malformed INIT ping-of-death in the form of:

     ------------ INIT[PARAM: SET_PRIMARY_IP] ------------>

A remote attacker could use this flaw to crash the system by sending a maliciously prepared SCTP packet in order to trigger a NULL pointer dereference on the server.

From the CVE entries:

CVE-2014-7826 - kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the ftrace subsystem, which allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via a crafted application.

CVE-2014-7825 - kernel/trace/trace_syscalls.c in the Linux kernel through 3.17.2 does not properly handle private syscall numbers during use of the perf subsystem, which allows local users to cause a denial of service (out-of-bounds read and OOPS) or bypass the ASLR protection mechanism via a crafted application.