RHSA-2015:1978 Moderate: kernel security and bug fix update
Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links.
The kernel packages contain the Linux kernel, the core of any Linux operating system.
- A flaw was found in the way the Linux kernel's VFS subsystem handled file system locks. A local, unprivileged user could use this flaw to trigger a deadlock in the kernel, causing a denial of service on the system. (CVE-2014-8559, Moderate)
- A buffer overflow flaw was found in the way the Linux kernel's virtio-net subsystem handled certain fraglists when the GRO (Generic Receive Offload) functionality was enabled in a bridged network configuration. An attacker on the local network could potentially use this flaw to crash the system, or, although unlikely, elevate their privileges on the system. (CVE-2015-5156, Moderate)
The CVE-2015-5156 issue was discovered by Jason Wang of Red Hat.
This update also fixes the following bugs:
- The kernel could previously delay interrupts for a long time, which could result in timers being delayed as well. As a consequence, the intel_pstate driver terminated unexpectedly with a "divide by zero" error. This update changes the div_fp() function to use div64_s64() to allow for "long" division, which avoids the overflow condition on long delays. As a result, the kernel no longer delays for a long time, and intel_pstate no longer panics in this situation. (BZ#1255496)
- VxLAN offloading was not functional if the Network Interface Controller (NIC) was running in multichannel mode. As a consequence, when VxLAN offloading was enabled by the be2net driver, remote connectivity stopped, returning an error message. An upstream patch has been backported to fix this bug, and network connectivity is now preserved when VxLAN offloading is enabled. (BZ#1256609)
- Previously, a client could receive a stateid-type error, for example, BAD_STATEID, on the setattr() function when stateid delegation was used. When no open state existed and an application called the truncate() function on the file, the client had no state to recover to and failed. With this update, the incorrect delegation is removed, and setattr() is then resent with a zero stateid. (BZ#1256639)
- When a Parallel NFS (pNFS) I/O attempt failed and I/O was redirected to the MDS, the refcount of the layout segment used for I/O was previously not decremented. As a consequence, the data server session continued to exist after umount. This update fixes the memory leak when a pNFS attempt fails, and the Data Server connection is now disconnected after umount as expected. (BZ#1256640)
- Previously, there was a 5-second timeout for the Hyper-V host to respond when sending a message, which could lead to a kernel crash during boot on heavily loaded Hyper-V hosts. An upstream patch eliminating the timeout has been applied to fix this bug, and the Red Hat Enterprise Linux guest now boots normally even on heavily loaded Hyper-V hosts. (BZ#1262096)
- Previously, the NFS code was not stopping during recovery situations, which led to a race between recovery and standard I/O. An upstream kernel patch has been applied to fix this bug, and the race no longer occurs in this situation. (BZ#1256649)
- Due to a bug in TX buffer clearing, when the Intel Ethernet Controller X540 was under high stress, a PCIe Unexpected Completion was previously detected, leading to a system crash. The provided patch makes sure no pending TX tasks exist before clearing the TX buffer, thus fixing this bug. (BZ#1257633)
- Due to memory corruption, a crash previously occurred in the kmem_cache_alloc() function during disk stress testing using the ipr device driver. The underlying source code has been patched, and the crash no longer occurs. (BZ#1260625)
- If the raid1_end_read_request() function detected an I/O error on a device which was the target of a resync, raid1_end_read_request() could incorrectly decide that the error was on the last working device, and propagate an error. As a consequence, reads from Multiple Devices (MD) RAID1 could fail. This update fixes this bug, and I/O errors no longer occur outside MD. (BZ#1263416)
- Previously, a higher-than-expected error rate during memory synchronization was detected on Stratus hardware. This update adds the missing mm_track call to the native_pmdp_get_and_clear() function, thus fixing this bug. (BZ#1263525)
- Due to an incomplete backport of an upstream feature, memory allocation failure in the radix tree library was not handled properly and could lead to memory corruption and system instability. The missing code has now been added, and the memory allocation failure is handled properly. (BZ#1264142)
All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.
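The intel_pstate fix in BZ#1255496 replaces a narrow division with a 64-bit one. The following user-space model is an added illustration, not kernel or Red Hat code; it assumes the overflow is a 64-bit divisor narrowed to 32 bits, and `FRAC_BITS`, the function names and the sample values are constructed for this sketch.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FRAC_BITS 8 /* assumed fixed-point scale for this model */

/* Fixed-point divide with the divisor narrowed to 32 bits first.
 * Returns false where an unchecked division would fault on zero. */
static bool div_fp_narrow(int64_t x, int64_t y, int64_t *out)
{
    int32_t y32 = (int32_t)(uint32_t)y; /* keeps only the low 32 bits */

    if (y32 == 0)
        return false; /* the "divide by zero" case in this model */
    *out = (x * (1 << FRAC_BITS)) / y32;
    return true;
}

/* Same operation with the full 64-bit divisor. */
static bool div_fp_wide(int64_t x, int64_t y, int64_t *out)
{
    if (y == 0)
        return false;
    *out = (x * (1 << FRAC_BITS)) / y;
    return true;
}

int main(void)
{
    /* Constructed divisors: a short interval, exactly 2^32, and 2^32 + 5. */
    const int64_t delays[] = { 1000, INT64_C(1) << 32,
                               (INT64_C(1) << 32) + 5 };
    const int64_t x = INT64_C(1) << 40; /* constructed dividend */

    for (size_t i = 0; i < sizeof delays / sizeof delays[0]; i++) {
        int64_t n = 0, w = 0;
        bool n_ok = div_fp_narrow(x, delays[i], &n);
        bool w_ok = div_fp_wide(x, delays[i], &w);

        printf("divisor=%lld narrow=%s(%lld) wide=%s(%lld)\n",
               (long long)delays[i], n_ok ? "ok" : "DIV0", (long long)n,
               w_ok ? "ok" : "DIV0", (long long)w);
    }
    return 0;
}
```

The third sample shows the quieter failure: a divisor that narrows to a small non-zero value does not fault but yields a result that is wrong by many orders of magnitude.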