RHSA-2018:1738 Important: kernel security and bug fix update

Updated

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Security Fixes are described in RHSA-2018:1738.

This update fixes the following bugs:

  • Previously, the operating system in some cases rebooted while resuming from hibernation. This update fixes the hibernate power management in the Linux kernel so that the system no longer reboots but resumes from hibernation properly. (This content is not included.BZ#1541900)

  • Previously, the hpsa driver did not work correctly. Consequently, the multipath failover test failed after multiple iterations. This update applies a set of patches to hpsa, and the multipath failover test now proceeds as expected. (This content is not included.BZ#1554232) (This content is not included.BZ#1554961)

  • Previously, the memory management metadata was not correctly initialized at boot time. As a consequence, the kernel panicked later during normal runtime with the following error message:

kernel BUG at mm/page_alloc.c:1389!

This update fixes the boot metadata initialization, and the kernel no longer panics due to this bug.
(This content is not included.BZ#1554417)

  • This update provides a standard vulnerability status file and a mitigation switch file for the Meltdown vulnerability on IBM Power systems. These files allow you to verify whether the system is vulnerable against the Meltdown attack with a standard sysfs file, and to switch the RFI Flush mitigation against the attack on and off at runtime using a debugfs file if required. The vulnerability status file is located at "/sys/devices/system/cpu/vulnerabilities/meltdown", and the mitigation switch is available at "/sys/kernel/debug/powerpc/rfi_flush". (This content is not included.BZ#1554729)

  • This update backports multiple upstream patches to Internet Protocol Virtual Server (IPVS) to work properly for Standard Initiation Protocol (SIP). Most notably, the SIP-persistence-engine functionality of IPVS has been fixed to work correctly. (This content is not included.BZ#1556837)

  • Previously, post-eof extents were not validated correctly due to a bug in XFS writeback code. Consequently, a race condition between cleaning of post-eof speculative preallocation and writeback occurred, which led to a data corruption. With this update, the race condition has been fixed, and post-eof extents are now validated properly. As a result, the data corruption no longer occurs. (This content is not included.BZ#1560421)

  • Previously, the qeth network device driver did not calculate the number of required buffer elements for socket buffer (SKB) correctly, and sometimes selected an IO buffer with not enough spare buffer elements to fit all data of SKB. Consequently, hardware detected a malformed buffer descriptor, and raised an exception, which then triggered device recovery. This update fixes qeth to not underestimate the number of required buffer elements for SKB, and network devices are no longer incorrectly restarted due to this bug. (This content is not included.BZ#1561069)

  • When inserting a new key-value pair into a full root node of device mapper (DM) thin provisioning's btree data structure, the btree_split_beneath() function could incorrectly update the spine of the btree. Consequently, the btree spine was corrupted. This update fixes btree_split_beneath() to not adjust the spine of btree nodes directly. As a result, the btree is updated correctly as a side-effect of the main loop for btree insertion. (This content is not included.BZ#1561362)

  • Previously, some 6th Generation Intel Xeon Processors had incorrect time frequency settings. As a consequence, a 1 second error was introduced every 10 minutes relative to the system master clock. This update provides the correct time frequency settings. As a result, the system time now runs precisely. (This content is not included.BZ#1563087)

  • Previously, removing a physical CPU from a running system triggered a redundant warning message. This update prevents resetting the processor id value during removal. As a result the warning message no longer appears. (This content is not included.BZ#1563090)

  • This update provides support for enabling or disabling the Return from Interrupt (RFI) flush functionality on IBM POWER Systems with up-to-date firmware. In certain secured environments, a system administrator prefers the system performance to its security. As a result, disabling RFI allows to choose higher system performance over its security. (This content is not included.BZ#1563095)

  • When accepting the Stream Control Transmission Protocol (SCTP) connection, its Transmission Control Block (TCB) migration did not set the data owner as a new socket. As a consequence, it was impossible to release the new socket, and the previous socket experienced a memory leak. This update sets the data owner as a new socket during the SCTP TCB migration. As a result, the new socket no longer underflows, and the memory leak on the previous socket no longer occurs during the described scenario. (This content is not included.BZ#1565982)

  • Previously, the firmware version 5.3 and earlier for the Intel XL710 devices contained errors, which prevented the correct L4 time stamping for Precision Time Protocol (PTP). As a consequence, the kernel disabled the use of L4 time stamping for the affected devices. This update restricts disabling of L4 time stamping only to devices with the erroneous firmware. As a result, the use of L4 time stamping on XL710 with firmware version 6.0 and later is enabled. (This content is not included.BZ#1567058)

  • When the system was under a heavy load, the TX driver in some cases became unresponsive and TCP performed poorly. As a consequence, TX became unresponsive and TCP performed poorly. This update prevents the race condition in the TX driver code and sets the VMXNET 3 internal LRO flag properly. As a result, TX does not become unresponsive and TCP performs as expected under the heavy load. (This content is not included.BZ#1567769)

  • Previously, the UEFI top-level page table was not configured properly to work with the page table isolation (PTI) feature. As a consequence, certain memory locations got corrupted and page tables were set incorrectly, which caused random crashes or system reboots without any error message. With this update, the UEFI top-level page table has been modified to reflect the PTI requirement. As a result, the described problems no longer occur. (This content is not included.BZ#1567894)

  • Previously, the XFS file system allowed the data writeback mechanism to call into XFS for memory allocation. As a consequence, XFS experienced a deadlock. With this update, the writeback mechanism is not allowed to call into XFS for memory allocation. As a result XFS no longer deadlocks due to this bug. (This content is not included.BZ#1568319)

  • Previously, the prepend_path() function under certain circumstances generated unclear and outdated error messages. This update removes the warning. (This content is not included.BZ#1568321)

  • When a CPU thread went into an idle state, the Indirect Branch Restricted Speculation (IBRS) feature remained enabled on the core. As a consequence, the performance of the idle CPU's sibling decreased. This update disables IBRS before the CPU enters the idle state. As a result, the idle CPU thread no longer decreases the performance of its sibling. (This content is not included.BZ#1570531)

  • Previously, an erroneous code in the x86 kexec system call path caused a memory corruption. As a consequence, the system became unresponsive with the following kernel stack trace:

'WARNING: CPU: 13 PID: 36409 at lib/list_debug.c:59 __list_del_entry+0xa1/0xd0 list_del corruption. prev->next should be ffffdd03fddeeca0, but was (null)'

This update ensures that the code does not corrupt memory. As a result, the operating system no longer hangs. (This content is not included.BZ#1573170)

Article Type