Synopsis
Important: kernel security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2017-7308, Important)
- Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)
- A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. (CVE-2016-7910, Moderate)
- A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set. (CVE-2016-8646, Moderate)
- It was reported that with Linux kernel, earlier than version v4.10-rc8, an application may trigger a BUG_ON in sctp_wait_for_sndbuf if the socket tx buffer is full, a thread is waiting on it to queue more data, and meanwhile another thread peels off the association being used by the first thread. (CVE-2017-5986, Moderate)
Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting CVE-2016-8646.
Additional Changes:
This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Technical Notes document linked to in the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
-
Red Hat Enterprise Linux Server 7 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 7.3 x86_64
-
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
-
Red Hat Enterprise Linux Server - AUS 7.4 x86_64
-
Red Hat Enterprise Linux Server - AUS 7.3 x86_64
-
Red Hat Enterprise Linux Workstation 7 x86_64
-
Red Hat Enterprise Linux Desktop 7 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 7 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.4 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.3 s390x
-
Red Hat Enterprise Linux for Power, big endian 7 ppc64
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.4 ppc64
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.3 ppc64
-
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
-
Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
-
Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
-
Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
-
Red Hat Enterprise Linux EUS Compute Node 7.3 x86_64
-
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.4 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.3 ppc64le
-
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
-
Red Hat Enterprise Linux Server - TUS 7.3 x86_64
-
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
-
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 ppc64le
-
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.3 ppc64le
-
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
-
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64
-
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.3 x86_64
Fixes
- BZ - 1388821 - CVE-2016-8646 kernel: Oops in shash_async_export()
- BZ - 1395190 - CVE-2016-10208 kernel: EXT4 memory corruption / SLAB out-of-bounds read
- BZ - 1399727 - CVE-2016-7910 kernel: Use after free in seq file
- BZ - 1420276 - CVE-2017-5986 kernel: Reachable BUG_ON from userspace in sctp_wait_for_sndbuf
- BZ - 1437404 - CVE-2017-7308 kernel: net/packet: overflow in check for priv area size
CVEs
References
Vulmon