Synopsis
Important: kernel security, bug fix, and enhancement update
Type/Severity
Security Advisory: Important
Topic
An update for kernel is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
- An use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important)
- A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important)
- It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)
This update also fixes multiple Moderate and Low impact security issues:
- CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9576, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-8890, CVE-2017-9075, CVE-2017-8890, CVE-2017-9076, CVE-2017-8890, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685
Documentation for these issues is available from the Release Notes document linked from the References section.
Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat).
Additional Changes:
For detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
-
Red Hat Enterprise Linux Server 7 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 7.6 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 7.5 x86_64
-
Red Hat Enterprise Linux Server - Extended Update Support 7.4 x86_64
-
Red Hat Enterprise Linux Server - AUS 7.4 x86_64
-
Red Hat Enterprise Linux Workstation 7 x86_64
-
Red Hat Enterprise Linux Desktop 7 x86_64
-
Red Hat Enterprise Linux for IBM z Systems 7 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.5 s390x
-
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.4 s390x
-
Red Hat Enterprise Linux for Power, big endian 7 ppc64
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.5 ppc64
-
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.4 ppc64
-
Red Hat Enterprise Linux for Scientific Computing 7 x86_64
-
Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
-
Red Hat Enterprise Linux EUS Compute Node 7.5 x86_64
-
Red Hat Enterprise Linux EUS Compute Node 7.4 x86_64
-
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
-
Red Hat Enterprise Linux for Power, little endian 7 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.5 ppc64le
-
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.4 ppc64le
-
Red Hat Virtualization Host 4 x86_64
-
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
-
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.6 ppc64le
-
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.4 ppc64le
-
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.6 x86_64
-
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.4 x86_64
Fixes
- BZ - 1151095 - CVE-2014-7970 Kernel: fs: VFS denial of service
- BZ - 1151108 - CVE-2014-7975 Kernel: fs: umount denial of service
- BZ - 1178491 - intel_rapl: no valid rapl domains found in package 0"
- BZ - 1283257 - [RFE] IOMMU support in Vhost-net
- BZ - 1322495 - CVE-2016-6213 kernel: user namespace: unlimited consumed of kernel mount resources [rhel-7.4]
- BZ - 1323577 - CVE-2015-8839 kernel: ext4 filesystem page fault race condition with fallocate call.
- BZ - 1330000 - kernel: Backport getrandom system call
- BZ - 1349647 - NFS client may keep phantom directory entry in dcache when rename is canceled
- BZ - 1352741 - tx array support in tun
- BZ - 1356471 - CVE-2016-6213 kernel: Overflowing kernel mount table using shared bind mount
- BZ - 1368577 - kernel crash after a few hours/days with NFS 4.1 and 4.2 enabled
- BZ - 1368938 - CVE-2016-7097 kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit
- BZ - 1371693 - Processes on nfs client have very high cpu usage in rpcauth_lookup_credcache
- BZ - 1371714 - btrfs module init creates a useless file in /sys/kernel/debug with 0666 permissions
- BZ - 1373966 - CVE-2016-7042 kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled
- BZ - 1378656 - [LLNL 7.4 Bug] Serious Performance regression with NATed IPoIB connected mode
- BZ - 1383739 - BUG: Dentry ffff880232eeacc0{i=800fe1,n=f290} still in use (1)
- BZ - 1386286 - CVE-2015-8970 kernel: crypto: GPF in lrw_crypt caused by null-deref
- BZ - 1389433 - CVE-2016-9604 kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user
- BZ - 1391299 - [LLNL 7.4 Bug] Crash in Infiniband rdmavt layer when kernel consumer exhausts queue pairs
- BZ - 1393904 - CVE-2016-8645 kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c
- BZ - 1394089 - [LLNL 7.4 Bug] 7.3 regression: the kernel does not create the /sys/block/<sd device>/devices/enclosure_device symlinks
- BZ - 1395104 - pci 0000:ff:1e.3: [Firmware Bug]: reg 0x10: invalid BAR (can't size)
- BZ - 1396578 - RFE: Backport virtio-net multi-queue enablement by default patch
- BZ - 1396941 - CVE-2016-9685 kernel: Memory leaks in xfs_attr_list.c error paths
- BZ - 1399830 - GFS2: fallocate error message during gfs2_grow
- BZ - 1401433 - Vhost tx batching
- BZ - 1401436 - lockless en-queuing for vhost
- BZ - 1401502 - CVE-2016-9806 kernel: netlink: double-free in netlink_dump
- BZ - 1403145 - CVE-2016-9576 kernel: Use after free in SCSI generic device interface
- BZ - 1404200 - CVE-2016-10147 kernel: Kernel crash by spawning mcrypt(alg) with incompatible algorithm
- BZ - 1404924 - CVE-2016-9588 Kernel: kvm: nVMX: uncaught software exceptions in L1 guest leads to DoS
- BZ - 1406885 - server supports labeled NFS by default
- BZ - 1412210 - CVE-2016-10088 kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression)
- BZ - 1412234 - extend virtio-net to expose host MTU to guest
- BZ - 1415780 - File permissions are not getting set as expected on nfs v4.0 mount
- BZ - 1416532 - Symlinks removed and replaced on an nfs mount from another system receive STALE nfs error and EIO from readlink()
- BZ - 1417812 - CVE-2017-2596 Kernel: kvm: page reference leakage in handle_vmon
- BZ - 1418962 - Broken net:[...] instead of path for net namespaces in /proc/self/mounts
- BZ - 1421638 - CVE-2017-5970 kernel: ipv4: Invalid IP options could cause skb->dst drop
- BZ - 1422825 - CVE-2017-6001 kernel: Race condition between multiple sys_perf_event_open() calls
- BZ - 1424076 - vxlan: performance can suffer unless GRO is disabled on vxlan interface
- BZ - 1428353 - CVE-2017-2647 kernel: Null pointer dereference in search_keyring
- BZ - 1428684 - RFE: Backport of ICMP ratelimit fixes.
- BZ - 1428973 - PANIC: "kernel BUG at fs/ceph/addr.c:91!"
- BZ - 1430225 - kernel: fix crash in uio_release
- BZ - 1430347 - CVE-2016-10200 kernel: l2tp: Race condition in the L2TPv3 IP encapsulation feature
- BZ - 1433252 - CVE-2017-6951 kernel: NULL pointer dereference in keyring_search_aux function
- BZ - 1433831 - NVMe SSD fails to initialize on AWS i3.4xlarge instances
- BZ - 1434327 - CVE-2017-7187 kernel: scsi: Stack-based buffer overflow in sg_ioctl function
- BZ - 1436649 - CVE-2017-2671 kernel: ping socket / AF_LLC connect() sin_family race
- BZ - 1441088 - CVE-2017-7616 kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c
- BZ - 1443999 - Deadlock in reshape on single core machine
- BZ - 1444493 - CVE-2017-7889 kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism
- BZ - 1445054 - Setting ipv6.disable=1 prevents both IPv4 and IPv6 socket opening for VXLAN tunnels
- BZ - 1448312 - kernel panics in mce_register_decode_chain when booted on qemu
- BZ - 1450203 - Irrelevant upper layer protocol traffic may erroneously "confirm" neigh entries
- BZ - 1450972 - CVE-2017-8890 kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c
- BZ - 1452679 - CVE-2017-9074 kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option
- BZ - 1452688 - CVE-2017-9076 kernel: net: IPv6 DCCP implementation mishandles inheritance
- BZ - 1452691 - CVE-2017-9075 kernel: net: sctp_v6_create_accept_sk function mishandles inheritance
- BZ - 1452744 - CVE-2017-9077 kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance
- BZ - 1456388 - CVE-2017-9242 kernel: Incorrect overwrite check in __ip6_append_data()
- BZ - 1463241 - rlimit_stack problems after update to 3.10.0-514.21.2.el7, and JVM Crash after updating to kernel-3.10.0-514.21.2.el7.x86_64
- BZ - 1466329 - CVE-2017-8797 kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand
CVEs
References
Vulmon