RHSA-2018:1319 Important: kernel security and bug fix update

Updated

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Security Fixes are described in RHSA-2018:1319.

This update also fixes the following bugs:

  • If an application opened multiple streams to the same destination IP and port, the xmit_hash_policy bonding parameter based on the layer 3+4 addressing always hashed all these streams to the same interface. Consequently, all outbound connections used an even-ephemeral port. This update fixes the bonding driver to discard the lowest hash bit for 802.3ad layer 3+4. As a result, ephemeral port selection is now a random mix of odd and even port numbers, and network traffic is balanced between the slaves. (BZ#1550103)

  • Prior to this update, a rounding error resulted in incorrect page table directory (PGD) synchronization, resulting in missing memory mappings for hot-plugged memory. As a consequence, memory hot-plug events on virtual machines crossign 0.5 TiB boundaries resulted in a system crash. This update introduces a fix to the rounding of the boundary calculation and ensures that PGDs are correctly synchronized, no mappings are missing, and systems remain stable after hot-plugging new memory. (BZ#1551471)

  • Previously, when a virtio Network Interface Card (NIC) received a short frame from the guest, the virtio interface stopped transmitting any Ethernet packets. As a consequence, packets transmitted by the guest never appeared on the hypervisor virtual network (vnet) device. With this update, packets smaller than the usual size are dropped, and the virtio interface transmits packets correctly. (BZ#1557896)

  • A patch that fixed a crash in "clear_inode()" was previously added to the RHEL6 kernel. However, this patch introduced a side-effect where it was possible for an infinite loop and soft lockup to occur while using the "drop_caches()" interface to reclaim memory and if all page entries found by "find_get_pages()" were all swap entries. This update provides a fix to both the inifinite loop and the soft lockup. (BZ#1565989)

  • Prior to this update, missing checks in the bnx2x driver in code paths that implement the Precision Time Protocol (PTP) could cause a kernel crash if a PTP device was accessed while the bnx2x network interface associated with it was down. This update adds checks which cause the bnx2x driver to return an error code if the interface is down, and attempts to access a PTP device when its bnx2x interface is down now produces an error instead of causing a kernel crash. (BZ#1538586)

  • A bug caused by incorrect control register handling could previously cause user processes to crash on instructions related to transactional execution such as "TBEGIN". This update implements correct control register handling for transactional execution, and user processes no longer crash when running instructions related to it. (BZ#1538591)

  • Previously, the runqueue on systems with overcommitted CPUs was prone to ignoring clock updates. As a consequence, the runqueue was limited, which prevented critical tasks and their dependent tasks from running. This update ensures that the runqueue does not ignore the clock updates. As a result, the critical tasks and their dependant tasks are able to run in such situations. (BZ#1551475)

  • The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. (BZ#1554252)

  • Previously, a missing check caused the kernel to process more than 16 Storage Block Address List (SBAL) elements. When this happened, running user programs using AF_IUCV sockets with HiperSockets transport could cause the kernel to crash. This update adds a check to ensure that no more than 16 SBAL elements are processed, and the kernel crash no longer happens. (BZ#1557477)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.

Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Article Type