CWE
476 362
Advisory Published

RHSA-2015:0694: Important: kernel-rt security, bug fix, and enhancement update

First published: Tue Mar 17 2015(Updated: )

The kernel-rt packages contain the Linux kernel, the core of any Linux<br>operating system.<br><li> A flaw was found in the way the Linux kernel's XFS file system handled</li> replacing of remote attributes under certain conditions. A local user with<br>access to XFS file system mount could potentially use this flaw to escalate<br>their privileges on the system. (CVE-2015-0274, Important)<br><li> A flaw was found in the way the Linux kernel's splice() system call</li> validated its parameters. On certain file systems, a local, unprivileged<br>user could use this flaw to write past the maximum file size, and thus<br>crash the system. (CVE-2014-7822, Moderate)<br><li> A race condition flaw was found in the Linux kernel's ext4 file system</li> implementation that allowed a local, unprivileged user to crash the system<br>by simultaneously writing to a file and toggling the O_DIRECT flag using<br>fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)<br><li> It was found that due to excessive files_lock locking, a soft lockup</li> could be triggered in the Linux kernel when performing asynchronous I/O<br>operations. A local, unprivileged user could use this flaw to crash the<br>system. (CVE-2014-8172, Moderate)<br><li> A NULL pointer dereference flaw was found in the way the Linux kernel's</li> madvise MADV_WILLNEED functionality handled page table locking. A local,<br>unprivileged user could use this flaw to crash the system. (CVE-2014-8173,<br>Moderate)<br>Red Hat would like to thank Eric Windisch of the Docker project for<br>reporting CVE-2015-0274, and Akira Fujita of NEC for reporting<br>CVE-2014-7822.<br>Bug fixes:<br><li> A patch removing the xt_connlimit revision zero ABI was not reverted in</li> the kernel-rt package, which caused problems because the iptables package<br>requires this revision. A patch to remove the xt_connlimit revision 0 was<br>reverted from the kernel-rt sources to allow the iptables command to<br>execute correctly. (BZ#1169755)<br><li> With an older Mellanox Connect-IB (mlx4) driver present in the MRG</li> Realtime kernel, a race condition could occur that would cause a loss of<br>connection. The mlx4 driver was updated, resolving the race condition and<br>allowing proper connectivity. (BZ#1182246)<br><li> The MRG Realtime kernel did not contain the appropriate code to resume</li> after a device failed, causing the volume status after a repair to not be<br>properly updated. A "refresh needed" was still listed in the "lvs" output<br>after executing the "lvchange --refresh" command. A patch was added that<br>adds the ability to correctly restore a transiently failed device upon<br>resume. (BZ#1159803)<br><li> The sosreport executable would hang when reading</li> /proc/net/rpc/use-gss-proxy because of faulty wait_queue logic in the proc<br>handler. This wait_queue logic was removed from the proc handler, allowing<br>the reads to correctly return the current state. (BZ#1169900)<br>Enhancements:<br><li> The MRG Realtime kernel-rt sources have been modified to take advantage</li> of the updated 3.10 kernel sources that are available with the Red Hat<br>Enterprise Linux 7 releases. (BZ#1172844)<br><li> The MRG Realtime version of the e1000e driver has been updated to provide</li> support for the Intel I218-LM network adapter. (BZ#1191767)<br><li> The MRG Realtime kernel was updated to provide support for the</li> Mellanox Connect-IB (mlx5). (BZ#1171363)<br><li> The rt-firmware package has been updated to provide additional firmware</li> files required by the new version of the Red Hat Enterprise MRG 2.5 kernel<br>(BZ#1184251)<br>All kernel-rt users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues and add these<br>enhancements. The system must be rebooted for this update to take effect.<br>

Affected SoftwareAffected VersionHow to fix
redhat/kernel-rt<3.10.0-229.rt56.144.el6
3.10.0-229.rt56.144.el6
redhat/kernel-rt-debug<3.10.0-229.rt56.144.el6
3.10.0-229.rt56.144.el6
redhat/kernel-rt-debug-debuginfo<3.10.0-229.rt56.144.el6
3.10.0-229.rt56.144.el6
redhat/kernel-rt-debug-devel<3.10.0-229.rt56.144.el6
3.10.0-229.rt56.144.el6
redhat/kernel-rt-debuginfo<3.10.0-229.rt56.144.el6
3.10.0-229.rt56.144.el6
redhat/kernel-rt-devel<3.10.0-229.rt56.144.el6
3.10.0-229.rt56.144.el6
redhat/kernel-rt-doc<3.10.0-229.rt56.144.el6
3.10.0-229.rt56.144.el6
redhat/kernel-rt-firmware<3.10.0-229.rt56.144.el6
3.10.0-229.rt56.144.el6
redhat/kernel-rt-trace<3.10.0-229.rt56.144.el6
3.10.0-229.rt56.144.el6
redhat/kernel-rt-trace-debuginfo<3.10.0-229.rt56.144.el6
3.10.0-229.rt56.144.el6
redhat/kernel-rt-trace-devel<3.10.0-229.rt56.144.el6
3.10.0-229.rt56.144.el6
redhat/kernel-rt-vanilla<3.10.0-229.rt56.144.el6
3.10.0-229.rt56.144.el6
redhat/kernel-rt-vanilla-debuginfo<3.10.0-229.rt56.144.el6
3.10.0-229.rt56.144.el6
redhat/kernel-rt-vanilla-devel<3.10.0-229.rt56.144.el6
3.10.0-229.rt56.144.el6

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203