RHSA-2015:2552: Important: kernel security and bug fix update

First published: Tue Dec 08 2015(Updated: )

The kernel packages contain the Linux kernel, the core of any Linux<br>operating system.<br><li> It was found that the x86 ISA (Instruction Set Architecture) is prone to</li> a denial of service attack inside a virtualized environment in the form of<br>an infinite loop in the microcode due to the way (sequential) delivering of<br>benign exceptions such as #AC (alignment check exception) and #DB (debug<br>exception) is handled. A privileged user inside a guest could use these<br>flaws to create denial of service conditions on the host kernel.<br>(CVE-2015-5307, CVE-2015-8104, Important)<br>Red Hat would like to thank Ben Serebrin of Google Inc. for reporting the<br>CVE-2015-5307 issue.<br>This update also fixes the following bugs:<br><li> On Intel Xeon v5 platforms, the processor frequency was always tied to</li> the highest possible frequency. Switching p-states on these client<br>platforms failed. This update sets the idle frequency, busy frequency, and<br>processor frequency values by determining the range and adjusting the<br>minimal and maximal percent limit values. Now, switching p-states on the<br>aforementioned client platforms proceeds successfully. (BZ#1273926)<br><li> Due to a validation error of in-kernel memory-mapped I/O (MMIO) tracing,</li> a VM became previously unresponsive when connected to Red Hat Enterprise<br>Virtualization Hypervisor. The provided patch fixes this bug by dropping<br>the check in MMIO handler, and a VM continues running as expected.<br>(BZ#1275150)<br><li> Due to retry-able command errors, the NVMe driver previously leaked I/O</li> descriptors and DMA mappings. As a consequence, the kernel could become<br>unresponsive during the hot-unplug operation if a driver was removed.<br>This update fixes the driver memory leak bug on command retries, and the<br>kernel no longer hangs in this situation. (BZ#1279792)<br><li> The hybrid_dma_data() function was not initialized before use, which</li> caused an invalid memory access when hot-plugging a PCI card. As a<br>consequence, a kernel oops occurred. The provided patch makes sure<br>hybrid_dma_data() is initialized before use, and the kernel oops no longer<br>occurs in this situation. (BZ#1279793)<br><li> When running PowerPC (PPC) KVM guests and the host was experiencing a lot</li> of page faults, for example because it was running low on memory, the host<br>sometimes triggered an incorrect kind of interrupt in the guest: a data<br>storage exception instead of a data segment exception. This caused a kernel<br>panic of the PPC KVM guest. With this update, the host kernel synthesizes a<br>segment fault if the corresponding Segment Lookaside Buffer (SLB) lookup<br>fails, which prevents the kernel panic from occurring. (BZ#1281423)<br><li> The kernel accessed an incorrect area of the khugepaged process causing</li> Logical Partitioning (LPAR) to become unresponsive, and an oops occurred in<br>medlp5. The backported upstream patch prevents an LPAR hang, and the oops<br>no longer occurs. (BZ#1281424)<br><li> When the sctp module was loaded and a route to an association endpoint</li> was removed after receiving an Out-of-The-Blue (OOTB) chunk but before<br>incrementing the "dropped because of missing route" SNMP statistic, a Null<br>Pointer Dereference kernel panic previously occurred. This update fixes the<br>race condition between OOTB response and route removal. (BZ#1281426)<br><li> The cpuscaling test of the certification test suite previously failed due</li> to a rounding bug in the intel-pstate driver. This bug has been fixed and<br>the cpuscaling test now passes. (BZ#1281491)<br>All kernel users are advised to upgrade to these updated packages, which<br>contain backported patches to correct these issues. The system must be<br>rebooted for this update to take effect.

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-errata
• anchor-id/RHSA-2015:2552
• agent/title
• agent/weakness
• agent/severity
• agent/references
• agent/description
• agent/type
• agent/event
• agent/remedy
• agent/softwarecombine
• agent/last-modified-date
• agent/first-publish-date
• agent/tags
• package-manager/redhat