RHSA-2018:3651 Moderate: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Security Fixes are described in RHSA-2018:3651.

This update fixes the following bugs:

  • Previously, on user setups running a mixed workload, the scheduler did not pick up tasks because the runqueues were throttled for a long time. As a consequence, the system became partially unresponsive. To fix this bug, the kernel now sets a flag in the cfs_bandwidth struct to secure better task distribution. As a result, the system no longer becomes unresponsive in the described scenario. (BZ#1640675)

  • Previously, clearing a CPU mask with the cgroups feature triggered the following warning:

    kernel: WARNING: CPU: 422 PID: 364940 at kernel/cpuset.c:955 update_cpumasks_hier+0x3af/0x410

As a consequence, the user's log file was flooded with warning messages similar to the one above. This update fixes the bug, and the warning message no longer appears in the described scenario. (BZ#1644236)

  • Previously, a lot of CPU time was occasionally spent in the kernel during a teardown of a container with a lot of memory assigned. As a consequence, the risk of CPU soft lockups increased because of higher CPU scheduler latency for other processes during the container teardown. To fix the problem, the kernel now adds a reschedule to the tight kernel loop. As a result, the container teardown no longer increases CPU scheduler latency, and the risk of CPU soft lockups is no longer increased in the described scenario. (BZ#1644673)

  • When a user created a VLAN device, the kernel set the wanted_features set of the VLAN to the current features of the base device. As a consequence, when the base device got new features, the features were not propagated to the VLAN device. This update fixes the bug and the VLAN device receives the new features in the described scenario.

Note that this only affects TCP Segmentation Offload (TSO). (BZ#1644675)

  • Previously, an address was trying to read the cache for the encryption bit detection, which led to a memory bit failure. As a consequence, the kernel accessed the memory with an incorrect decryption configuration, and it was impossible to reboot to the new kernel with boot options specified in the kexec system call. This update fixes the bug by making the kernel re-detect the encryption bit on each occasion, and the described problem no longer occurs. (BZ#1644990)