First published: Tue Jun 23 2015

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

* It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1805, Important)
* A race condition flaw was found in the way the Linux kernel keys management subsystem performed key garbage collection. A local attacker could attempt accessing a key while it was being garbage collected, which would cause the system to crash. (CVE-2014-9529, Moderate)
* A flaw was found in the way the Linux kernel's 32-bit emulation implementation handled forking or closing of a task with an 'int80' entry. A local user could potentially use this flaw to escalate their privileges on the system. (CVE-2015-2830, Low)
* It was found that the Linux kernel's ISO file system implementation did not correctly limit the traversal of Rock Ridge extension Continuation Entries (CE). An attacker with physical access to the system could use this flaw to trigger an infinite loop in the kernel, resulting in a denial of service. (CVE-2014-9420, Low)
* An information leak flaw was found in the way the Linux kernel's ISO9660 file system implementation accessed data on an ISO9660 image with RockRidge Extension Reference (ER) records. An attacker with physical access to the system could use this flaw to disclose up to 255 bytes of kernel memory. (CVE-2014-9584, Low)
* A flaw was found in the way the nft_flush_table() function of the Linux kernel's netfilter tables implementation flushed rules that were referencing deleted chains. A local user who has the CAP_NET_ADMIN capability could use this flaw to crash the system. (CVE-2015-1573, Low)
* An integer overflow flaw was found in the way the Linux kernel randomized the stack for processes on certain 64-bit architecture systems, such as x86-64, causing the stack entropy to be reduced by four. (CVE-2015-1593, Low)

Red Hat would like to thank Carl Henrik Lunde for reporting CVE-2014-9420 and CVE-2014-9584. The security impact of CVE-2015-1805 was discovered by Red Hat.

This update provides a build of the kernel-rt package for Red Hat Enterprise MRG 2.5 that is layered on Red Hat Enterprise Linux 6, and fixes the following issues:

* storvsc: get rid of overly verbose warning messages
* storvsc: force discovery of LUNs that may have been removed
* storvsc: in response to a scan event, scan the hos
* storvsc: NULL pointer dereference fix
* futex: Mention key referencing differences between shared and private futexes
* futex: Ensure get_futex_key_refs() always implies a barrier
* kernel module: set nx before marking module MODULE_STATE_COMING
* kernel module: Clean up ro/nx after early module load failures
* btrfs: make xattr replace operations atomic
* megaraid_sas: revert: Add release date and update driver version
* radeon: fix kernel segfault in hwmonitor

(BZ#1223077)

Bug fix:

* There is an XFS optimization that depended on a spinlock to disable preemption using the preempt_disable() function. When CONFIG_PREEMPT_RT is enabled on realtime kernels, spinlocks do not disable preemption while held, so the XFS critical section was not protected from preemption. Systems on the Realtime kernel-rt could lock up in this XFS optimization when a task that locked all the counters was then preempted by a realtime task, causing all callers of that lock to block indefinitely. This update disables the optimization when building a kernel with CONFIG_PREEMPT_RT_FULL enabled. (BZ#1217849)

All kernel-rt users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <3.10.0-229.rt56.153.el6 | 3.10.0-229.rt56.153.el6 |
redhat/kernel-rt-debug | <3.10.0-229.rt56.153.el6 | 3.10.0-229.rt56.153.el6 |
redhat/kernel-rt-debug-debuginfo | <3.10.0-229.rt56.153.el6 | 3.10.0-229.rt56.153.el6 |
redhat/kernel-rt-debug-devel | <3.10.0-229.rt56.153.el6 | 3.10.0-229.rt56.153.el6 |
redhat/kernel-rt-debuginfo | <3.10.0-229.rt56.153.el6 | 3.10.0-229.rt56.153.el6 |
redhat/kernel-rt-devel | <3.10.0-229.rt56.153.el6 | 3.10.0-229.rt56.153.el6 |
redhat/kernel-rt-doc | <3.10.0-229.rt56.153.el6 | 3.10.0-229.rt56.153.el6 |
redhat/kernel-rt-firmware | <3.10.0-229.rt56.153.el6 | 3.10.0-229.rt56.153.el6 |
redhat/kernel-rt-trace | <3.10.0-229.rt56.153.el6 | 3.10.0-229.rt56.153.el6 |
redhat/kernel-rt-trace-debuginfo | <3.10.0-229.rt56.153.el6 | 3.10.0-229.rt56.153.el6 |
redhat/kernel-rt-trace-devel | <3.10.0-229.rt56.153.el6 | 3.10.0-229.rt56.153.el6 |
redhat/kernel-rt-vanilla | <3.10.0-229.rt56.153.el6 | 3.10.0-229.rt56.153.el6 |
redhat/kernel-rt-vanilla-debuginfo | <3.10.0-229.rt56.153.el6 | 3.10.0-229.rt56.153.el6 |
redhat/kernel-rt-vanilla-devel | <3.10.0-229.rt56.153.el6 | 3.10.0-229.rt56.153.el6 |
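
A version check for the table above, as an added example (not part of the advisory or of Red Hat's tooling): it compares a kernel-rt version-release string against the fixed build with a simplified RPM-style comparison. The function names are hypothetical, epoch, `~` and `^` are not handled, and the running-kernel check assumes a kernel-rt release string contains `.rtNN`.

```shell
#!/bin/sh
# Added example: flag kernel-rt builds older than the advisory's fixed build.
LC_ALL=C; export LC_ALL
FIXED="3.10.0-229.rt56.153.el6"   # from the "How to fix" column

# Split a version-release string into runs of digits or letters.
segments() {
    printf '%s\n' "$1" | sed -e 's/[^A-Za-z0-9]\{1,\}/ /g' \
        -e 's/\([0-9]\)\([A-Za-z]\)/\1 \2/g' \
        -e 's/\([A-Za-z]\)\([0-9]\)/\1 \2/g' -e 's/^ *//' -e 's/ *$//'
}

# Simplified rpmvercmp (no epoch, '~' or '^'): prints -1, 0 or 1.
vercmp() {
    a=$(segments "$1"); b=$(segments "$2")
    while [ -n "$a" ] && [ -n "$b" ]; do
        x=${a%% *}; y=${b%% *}
        case $a in *' '*) a=${a#* } ;; *) a= ;; esac
        case $b in *' '*) b=${b#* } ;; *) b= ;; esac
        case $x in [0-9]*) xn=1 ;; *) xn=0 ;; esac
        case $y in [0-9]*) yn=1 ;; *) yn=0 ;; esac
        if [ "$xn" != "$yn" ]; then            # a numeric segment is newer
            if [ "$xn" = 1 ]; then echo 1; else echo -1; fi; return 0
        elif [ "$xn" = 1 ]; then               # compare as integers, not text
            if [ "$x" -gt "$y" ]; then echo 1; return 0; fi
            if [ "$x" -lt "$y" ]; then echo -1; return 0; fi
        else
            if expr "x$x" \> "x$y" >/dev/null; then echo 1; return 0; fi
            if expr "x$x" \< "x$y" >/dev/null; then echo -1; return 0; fi
        fi
    done
    if [ -n "$a" ]; then echo 1; elif [ -n "$b" ]; then echo -1; else echo 0; fi
}

# Exit status 0 when build $1 is older than the fixed build.
is_affected() { [ "$(vercmp "$1" "$FIXED")" = -1 ]; }

# On an RPM host, check every installed kernel-rt build and the running kernel.
if command -v rpm >/dev/null 2>&1 && rpm -q kernel-rt >/dev/null 2>&1; then
    for evr in $(rpm -q --queryformat '%{VERSION}-%{RELEASE}\n' kernel-rt); do
        if is_affected "$evr"; then echo "kernel-rt $evr: affected, update to $FIXED"
        else echo "kernel-rt $evr: fixed build or newer"; fi
    done
    # The fix takes effect only after a reboot (assumes ".rtNN" in uname -r).
    running=$(uname -r)
    case $running in *.rt[0-9]*)
        if is_affected "$running"; then echo "running $running: reboot into $FIXED"; fi ;;
    esac
fi
```

The same `is_affected` call works for the other packages in the table, since they all share the fixed version-release string.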