RHSA-2014:1943: Moderate: kernel-rt security, bug fix, and enhancement update

First published: Tue Dec 02 2014(Updated: )

The kernel-rt packages contain the Linux kernel, the core of any Linux<br>operating system.<br>A denial of service flaw was found in the way the Linux kernel's XFS file<br>system implementation ordered directory hashes under certain conditions.<br>A local attacker could use this flaw to corrupt the file system by creating<br>directories with colliding hash values, potentially resulting in a system<br>crash. (CVE-2014-7283, Moderate)<br>An out-of-bounds memory access flaw was found in the syscall tracing<br>functionality of the Linux kernel's perf subsystem. A local, unprivileged<br>user could use this flaw to crash the system. (CVE-2014-7825, Moderate)<br>An out-of-bounds memory access flaw was found in the syscall tracing<br>functionality of the Linux kernel's ftrace subsystem. On a system with<br>ftrace syscall tracing enabled, a local, unprivileged user could use this<br>flaw to crash the system, or escalate their privileges. (CVE-2014-7826,<br>Moderate)<br>Red Hat would like to thank Robert Święcki for reporting CVE-2014-7825 and<br>CVE-2014-7826.<br>The kernel-rt packages have been upgraded to upstream version 3.10.58,<br>which provides a number of bug fixes and enhancements over the previous<br>version. (BZ#1158105)<br>This update also fixes the following bugs:<br><li> Automatic NUMA balancing on a low priority thread could cause memory</li> contention with a high priority thread running in the same process.<br>This contention could trigger poor realtime performance on the system.<br>In order to avoid this potential memory contention, the MRG Realtime kernel<br>now disables NUMA_BALANCING_DEFAULT_ENABLED. (BZ#1158940)<br><li> When tracing a bug, WARN*() functions could flood the ring buffer making</li> the trace useless or even overflowing the ring buffer. To address this<br>issue, a traceoff_on_warning option was added to the kernel command line<br>and as a sysctl option. This option disables the writing of the warning<br>messages to the ring buffer, which results in a cleaner trace for<br>debugging. (BZ#1155200)<br>In addition, this update adds the following enhancement:<br><li> Support for XHCI (USB 3) is now enabled in the MRG Realtime kernel.</li> (BZ#1134095)<br>All kernel-rt users are advised to upgrade to these updated packages, which<br>contain correct these issues and add these enhancements. The system must be<br>rebooted for this update to take effect.<br>

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• agent/description
• agent/event
• agent/first-publish-date
• agent/last-modified-date
• agent/references
• agent/remedy
• agent/severity
• agent/softwarecombine
• agent/tags
• agent/title
• agent/type
• collector/redhat-errata
• anchor-id/RHSA-2014:1943
• package-manager/redhat