Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Moderate: kernel-rt security and bug fix update

Related Vulnerabilities: CVE-2017-1000380   CVE-2017-1000380   CVE-2017-1000380  

Source

Synopsis

Moderate: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Moderate

Topic

An update for kernel-rt is now available for Red Hat Enterprise MRG 2.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • It was found that the timer functionality in the Linux kernel ALSA subsystem is prone to a race condition between read and ioctl system call handlers, resulting in an uninitialized memory disclosure to user space. A local user could use this flaw to read information belonging to other users. (CVE-2017-1000380, Moderate)

Red Hat would like to thank Alexander Potapenko (Google) for reporting this issue.

Bug Fix(es):

  • The current realtime throttling mechanism prevents the starvation of non-realtime tasks by CPU-intensive realtime tasks. When a realtime run queue is throttled, it allows non-realtime tasks to run. If there are not non-realtime tasks, the CPU goes idle. To safely maximize CPU usage by decreasing the CPU idle time, the RT_RUNTIME_GREED scheduler feature has been implemented. When enabled, this feature checks if non-realtime tasks are starving before throttling the realtime task. The RT_RUNTIME_GREED scheduler option guarantees some run time on all CPUs for the non-realtime tasks, while keeping the realtime tasks running as much as possible. (BZ#1459275)
  • The kernel-rt packages have been upgraded to version 3.10.0-693.11.1.rt56.595, which provides a number of security and bug fixes over the previous version. (BZ#1500036)
  • In the realtime kernel, if the rt_mutex locking mechanism was taken in the interrupt context, the normal priority inheritance protocol incorrectly identified a deadlock, and a kernel panic occurred. This update reverts the patch that added rt_mutex in the interrupt context, and the kernel no longer panics due to this behavior. (BZ#1509021)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • MRG Realtime 2 x86_64

Fixes

  • BZ - 1463311 - CVE-2017-1000380 kernel: information leak due to a data race in ALSA timer
  • BZ - 1500036 - update the MRG 2.5.z 3.10 kernel-rt sources
  • BZ - 1509021 - [MRG-RT] Possible regression with NOHZ_FULL & rt_mutexes in IRQ (BZ1250649)

CVEs

References

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started