First published: Wed Sep 06 2017
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

- A race condition was found in the Linux kernel, present since v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race, the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data, which may lead to privilege escalation. (CVE-2017-7533, Important)
- It was found that the NFSv4 server in the Linux kernel did not properly validate the layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)

This update also fixes multiple Moderate and Low impact security issues:

CVE-2017-8797, CVE-2015-8839, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9806, CVE-2016-10088, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2016-9604, CVE-2016-9685

Documentation for these issues is available from the Technical Notes document linked to in the References section.

Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The University of Hong Kong), and Shixiong Zhao (The University of Hong Kong) for reporting CVE-2017-7533 and Marco Grassi for reporting CVE-2016-8645. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-9604 issue was discovered by David Howells (Red Hat); and the CVE-2016-9685 issue was discovered by Qian Cai (Red Hat).

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/kernel-rt | <3.10.0-693.2.1.rt56.585.el6 | 3.10.0-693.2.1.rt56.585.el6 |
redhat/kernel-rt-debug | <3.10.0-693.2.1.rt56.585.el6 | 3.10.0-693.2.1.rt56.585.el6 |
redhat/kernel-rt-debug-debuginfo | <3.10.0-693.2.1.rt56.585.el6 | 3.10.0-693.2.1.rt56.585.el6 |
redhat/kernel-rt-debug-devel | <3.10.0-693.2.1.rt56.585.el6 | 3.10.0-693.2.1.rt56.585.el6 |
redhat/kernel-rt-debuginfo | <3.10.0-693.2.1.rt56.585.el6 | 3.10.0-693.2.1.rt56.585.el6 |
redhat/kernel-rt-devel | <3.10.0-693.2.1.rt56.585.el6 | 3.10.0-693.2.1.rt56.585.el6 |
redhat/kernel-rt-doc | <3.10.0-693.2.1.rt56.585.el6 | 3.10.0-693.2.1.rt56.585.el6 |
redhat/kernel-rt-firmware | <3.10.0-693.2.1.rt56.585.el6 | 3.10.0-693.2.1.rt56.585.el6 |
redhat/kernel-rt-trace | <3.10.0-693.2.1.rt56.585.el6 | 3.10.0-693.2.1.rt56.585.el6 |
redhat/kernel-rt-trace-debuginfo | <3.10.0-693.2.1.rt56.585.el6 | 3.10.0-693.2.1.rt56.585.el6 |
redhat/kernel-rt-trace-devel | <3.10.0-693.2.1.rt56.585.el6 | 3.10.0-693.2.1.rt56.585.el6 |
redhat/kernel-rt-vanilla | <3.10.0-693.2.1.rt56.585.el6 | 3.10.0-693.2.1.rt56.585.el6 |
redhat/kernel-rt-vanilla-debuginfo | <3.10.0-693.2.1.rt56.585.el6 | 3.10.0-693.2.1.rt56.585.el6 |
redhat/kernel-rt-vanilla-devel | <3.10.0-693.2.1.rt56.585.el6 | 3.10.0-693.2.1.rt56.585.el6 |
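
The "Affected Version" column is an RPM version-release comparison, which plain string comparison gets wrong (for example, a release of 693.11.1 sorts before 693.2.1 as text). The following is an added example, not part of the advisory or Red Hat tooling: a simplified segment-wise comparison in the style of rpmvercmp that flags installed kernel-rt packages older than the fixed version from the table. The function names and sample package lines are constructed for illustration, and epoch, tilde and caret handling are omitted as an assumption.

```python
import re

# Fixed version-release taken from the table above (identical for every listed package).
FIXED_VR = "3.10.0-693.2.1.rt56.585.el6"

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")

def rpm_seg_cmp(a, b):
    """Order two version (or release) strings segment by segment, rpmvercmp style.
    Simplification (assumption): no epoch, tilde or caret handling."""
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            xi, yi = int(x), int(y)
            if xi != yi:
                return -1 if xi < yi else 1
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment is newer than an alpha one
        elif x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with more segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vr_cmp(a, b):
    """Compare 'version-release' strings: version first, then release."""
    va, _, ra = a.partition("-")
    vb, _, rb = b.partition("-")
    return rpm_seg_cmp(va, vb) or rpm_seg_cmp(ra, rb)

def is_affected(installed_vr):
    return vr_cmp(installed_vr, FIXED_VR) < 0

def audit(rpm_lines):
    """rpm_lines: lines shaped like 'NAME VERSION-RELEASE', e.g. from
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\\n'"""
    return [(name, vr) for name, vr in (l.split() for l in rpm_lines)
            if name.startswith("kernel-rt") and is_affected(vr)]

# Constructed sample inventory (not real host data).
SAMPLE = [
    "kernel-rt 3.10.0-514.rt56.420.el6",
    "kernel-rt-debug 3.10.0-693.2.1.rt56.585.el6",
    "kernel-rt-devel 3.10.0-693.11.1.rt56.632.el6",
    "kernel 3.10.0-327.el6",
]

if __name__ == "__main__":
    for name, vr in audit(SAMPLE):
        print(f"{name} {vr} is older than {FIXED_VR}")
```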