RHSA-2017:1615 Important: kernel security and bug fix update

Updated

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links.

This update also fixes the following bugs:

  • Previously, the kernel could not create zImage using the tools supplied in kernel-bootwrapper on the little-endian variant of IBM Power Systems. This update fixes alignment of the zImage table of contents, and the kernel-bootwraper can now create zImage as expected. This content is not included.BZ#1444343

  • Previously, the reserved pages counter (HugePages_Rsvd) was bigger than the total pages counter (HugePages_Total) in the /proc/meminfo file. Consequently, HugePages_Rsvd underflowed. With this update, the HugeTLB feature of the Linux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs. This content is not included.BZ#1445184

  • Previously, the Fibre Channel over Ethernet (FCoE) adapter in some cases failed to reboot. This update fixes the qla2xxx driver, and FCoE adapter now reboots as expected. This content is not included.BZ#1446246

  • Previously, it could take a long time (more than 15 minutes) to access the Serial Attached SCSI (SAS) devices after reboot. This update fixes the sas driver, and the SAS devices are now accessible as expected after reboot. This content is not included.BZ#1446650

  • Previously, Non-volatile Memory Express Solid-state Drive (NVME SSD) occasionally failed to initialize on AWS i3.4xlarge instances. This update fixes the Xen support code in the Linux kernel, and NVME SSD now initializes as expected under the described circumstances. This content is not included.BZ#1450037

  • When a Redundant Array of Independent Discs (RAID) controller was attached, the minimum Remote Monitoring Agent (RMA) size was insufficient. Consequently, attempts to boot into rescue mode failed with the following error message:

    "Could not allocate memory for RTAS"

This update fixes the powerpc prom to increase the minimum size of RMA to 512 MB. As a result, the operating system now boots into rescue mode as expected in the described situation. This content is not included.BZ#1450041

  • If a directory on a NFS client was modified while being listed, the NFS client could restart the directory listing multiple times. Consequently, the performance of listing the directory was suobptimal. With this update, this bug has been fixed, and restarting of the directory listing happens less frequently. As a result, the performance of listing the directory while it is being modified has improved. This content is not included.BZ#1450851

  • When a VM with Virtual Function I/O (VFIO) device was rebooted, the QEMU process occasionally terminated unexpectedly due to a failed VFIO Direct Memory Access (DMA) map request. This update fixes the vfio driver, and QEMU no longer crashes in the described situation. This content is not included.BZ#1450855

  • When creating or destroying a VM with Virtual Function I/O (VFIO) devices with "Hugepages" feature enabled, errors in Direct Memory Access (DMA) page table entry (PTE) mappings occurred, and QEMU memory usage behaved unpredictably. This update fixes range computation when making room for large pages in Input/Output Memory Management Unit (IOMMU). As a result, errors in DMA PTE mappings no longer occur, and QEMU has a predictable memory usage in the described situation.
    This content is not included.BZ#1450856

  • When the operating system was booted with in-box lpfc driver, a kernel panic occurred on the little-endian variant of IBM Power Systems. This update fixes lpfc, and the kernel no longer panics in the described situation. This content is not included.BZ#1452044

  • When the operating system was booted with ipv6.disable module parameter set to 1 (ipv6.disable=1) on kernel command line, Virtual eXtensible Local Area Networking (VXLAN) tunnel failed to initialize with this error:

    "vxlan: Cannot bind port 4789, err=-97" which is EAFNOSUPPORT."

Both IPv6 and IPv4 sockets for VXLAN tunnels failed to open, despite only IPv6 being disabled. This update fixes the implementation of VXLAN tunnels in the Linux kernel. As a result, IPv4 socket is now created as expected under the described circumstances. This content is not included.BZ#1454636

  • Previously, a race condition between Linux kernel module error handling and kprobe registration code existed in the Linux kernel. The protection that was applied during module error handling code could be overridden by kprobe registration code before the module was deallocated. Consequently, the mapped page could be freed and become not 'writable'. When this page was later accessed, a page fault occurred, which led to a kernel panic. This update fixes the race condition, and the kernel no longer panics due to this bug. This content is not included.BZ#1454684
Article Type