First published: Tue Sep 15 2015
The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

* Two flaws were found in the way the Linux kernel's networking implementation handled UDP packets with incorrect checksum values. A remote attacker could potentially use these flaws to trigger an infinite loop in the kernel, resulting in a denial of service on the system, or cause a denial of service in applications using the edge triggered epoll functionality. (CVE-2015-5364, CVE-2015-5366, Important)
* A flaw was found in the way the Linux kernel's ext4 file system handled the "page size > block size" condition when the fallocate zero range functionality was used. A local attacker could use this flaw to crash the system. (CVE-2015-0275, Moderate)
* It was found that the Linux kernel's keyring implementation would leak memory when adding a key to a keyring via the add_key() function. A local attacker could use this flaw to exhaust all available memory on the system. (CVE-2015-1333, Moderate)
* A race condition flaw was found in the way the Linux kernel's SCTP implementation handled Address Configuration lists when performing Address Configuration Change (ASCONF). A local attacker could use this flaw to crash the system via a race condition triggered by setting certain ASCONF options on a socket. (CVE-2015-3212, Moderate)
* An information leak flaw was found in the way the Linux kernel's Virtual Dynamic Shared Object (vDSO) implementation performed address randomization. A local, unprivileged user could use this flaw to leak kernel memory addresses to user-space. (CVE-2014-9585, Low)

Red Hat would like to thank Canonical for reporting the CVE-2015-1333 issue. The CVE-2015-0275 issue was discovered by Xiong Zhou of Red Hat, and the CVE-2015-3212 issue was discovered by Ji Jianwen of Red Hat Engineering.

This update provides a build of the kernel-rt package for Red Hat Enterprise MRG 2.5 that is layered on Red Hat Enterprise Linux 6, and fixes the following issues:

* Fix regression in scsi_send_eh_cmnd()
* boot hangs at "Console: switching to colour dummy device 80x25"
* Update tcp stack to 3.17 kernel
* ksoftirqd high CPU usage due to stray tasklet from ioatdma driver

(BZ#1245345)

This update also fixes the following bugs:

* The configuration option CONFIG_RTC_HCTOSYS was disabled on the realtime kernel causing the RTC clock to be adjusted with the UTC time even if the system is configured to set the RTC to the local time. By enabling the CONFIG_RTC_HCTOSYS configuration option, when the system is configured to use local time, RTC will correctly update with the local time and not try to use another timezone. (BZ#1248047)
* In the realtime kernel, if a rt_mutex was taken while in interrupt context the normal priority inheritance protocol would falsely identify a deadlock and trigger a kernel crash. The patch that added the rt_mutex in this interrupt context was reverted. (BZ#1250649)

All kernel-rt users are advised to upgrade to these updated packages, which correct these issues and add these enhancements. The system must be rebooted for this update to take effect.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <3.10.0-229.rt56.161.el6 | 3.10.0-229.rt56.161.el6 |
redhat/kernel-rt-debug | <3.10.0-229.rt56.161.el6 | 3.10.0-229.rt56.161.el6 |
redhat/kernel-rt-debug-debuginfo | <3.10.0-229.rt56.161.el6 | 3.10.0-229.rt56.161.el6 |
redhat/kernel-rt-debug-devel | <3.10.0-229.rt56.161.el6 | 3.10.0-229.rt56.161.el6 |
redhat/kernel-rt-debuginfo | <3.10.0-229.rt56.161.el6 | 3.10.0-229.rt56.161.el6 |
redhat/kernel-rt-devel | <3.10.0-229.rt56.161.el6 | 3.10.0-229.rt56.161.el6 |
redhat/kernel-rt-doc | <3.10.0-229.rt56.161.el6 | 3.10.0-229.rt56.161.el6 |
redhat/kernel-rt-firmware | <3.10.0-229.rt56.161.el6 | 3.10.0-229.rt56.161.el6 |
redhat/kernel-rt-trace | <3.10.0-229.rt56.161.el6 | 3.10.0-229.rt56.161.el6 |
redhat/kernel-rt-trace-debuginfo | <3.10.0-229.rt56.161.el6 | 3.10.0-229.rt56.161.el6 |
redhat/kernel-rt-trace-devel | <3.10.0-229.rt56.161.el6 | 3.10.0-229.rt56.161.el6 |
redhat/kernel-rt-vanilla | <3.10.0-229.rt56.161.el6 | 3.10.0-229.rt56.161.el6 |
redhat/kernel-rt-vanilla-debuginfo | <3.10.0-229.rt56.161.el6 | 3.10.0-229.rt56.161.el6 |
redhat/kernel-rt-vanilla-devel | <3.10.0-229.rt56.161.el6 | 3.10.0-229.rt56.161.el6 |
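
One way to check a host inventory against the table above, as an added example that is not part of the advisory: the release string `229.rt56.161.el6` has to be compared segment by segment, because a plain string comparison ranks `rt56.99` above `rt56.161`. The comparison is a simplified version of RPM's ordering (no epoch, tilde or caret handling), and the package lines in `SAMPLE` are constructed.

```python
import re

# Fixed version-release from the advisory table.
FIXED = "3.10.0-229.rt56.161.el6"

# Constructed sample in the format printed by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = """\
kernel-rt 3.10.0-229.rt56.99.el6
kernel-rt-devel 3.10.0-229.rt56.161.el6
kernel-rt-trace 3.10.0-229.rt56.162.el6
kernel 2.6.32-573.el6
kernel-rt-doc 3.8.13-rt27.40.el6rt
"""

def rpmvercmp(a, b):
    """Segment-wise comparison in the style of RPM; returns -1, 0 or 1."""
    sa = re.findall(r"[0-9]+|[A-Za-z]+", a)
    sb = re.findall(r"[0-9]+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment outranks alphabetic
        if x.isdigit():
            x, y = int(x), int(y)  # 99 < 161, unlike the string comparison
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # extra segments win

def evr_cmp(a, b):
    """Compare 'version-release' strings (epoch assumed absent)."""
    va, ra = a.rsplit("-", 1)
    vb, rb = b.rsplit("-", 1)
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)

def affected(rpm_lines):
    """Return (name, version-release) for kernel-rt* packages older than FIXED."""
    hits = []
    for line in rpm_lines.splitlines():
        parts = line.split()
        if len(parts) == 2 and parts[0].startswith("kernel-rt"):
            if evr_cmp(parts[1], FIXED) < 0:
                hits.append((parts[0], parts[1]))
    return hits

if __name__ == "__main__":
    for name, evr in affected(SAMPLE):
        print(f"{name} {evr} is older than {FIXED}")
```

Since the advisory requires a reboot for the update to take effect, an installed-package check alone does not confirm the running kernel; compare the output of `uname -r` as well.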