CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
10.1%
CentOS Errata and Security Advisory CESA-2017:2863
The kernel packages contain the Linux kernel, the core of any Linux operating system.
Security Fix(es):
Bug Fix(es):
Previously, removal of a rport during ISCSI target scanning could cause a kernel panic. This was happening because addition of STARGET_REMOVE to the rport state introduced a race condition to the SCSI code. This update adds the STARGET_CREATED_REMOVE state as a possible state of the rport and appropriate handling of that state, thus fixing the bug. As a result, the kernel panic no longer occurs under the described circumstances. (BZ#1472127)
Previously, GFS2 contained multiple bugs where the wrong inode was assigned to GFS2 cluster-wide locks (glocks), or the assigned inode was cleared incorrectly. Consequently, kernel panic could occur when using GFS2. With this update, GFS2 has been fixed, and the kernel no longer panics due to those bugs. (BZ#1479397)
Previously, VMs with memory larger than 64GB running on Hyper-V with Windows Server hosts reported potential memory size of 4TB and more, but could not use more than 64GB. This was happening because the Memory Type Range Register (MTRR) for memory above 64GB was omitted. With this update, the /proc/mtrr file has been fixed to show correct base/size if they are more than 44 bit wide. As a result, the whole size of memory is now available as expected under the described circumstances. (BZ#1482855)
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2017-October/084726.html
Affected packages:
kernel
kernel-abi-whitelists
kernel-debug
kernel-debug-devel
kernel-devel
kernel-doc
kernel-firmware
kernel-headers
perf
python-perf
Upstream details at:
https://access.redhat.com/errata/RHSA-2017:2863
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 6 | i686 | kernel | < 2.6.32-696.13.2.el6 | kernel-2.6.32-696.13.2.el6.i686.rpm |
CentOS | 6 | noarch | kernel-abi-whitelists | < 2.6.32-696.13.2.el6 | kernel-abi-whitelists-2.6.32-696.13.2.el6.noarch.rpm |
CentOS | 6 | i686 | kernel-debug | < 2.6.32-696.13.2.el6 | kernel-debug-2.6.32-696.13.2.el6.i686.rpm |
CentOS | 6 | i686 | kernel-debug-devel | < 2.6.32-696.13.2.el6 | kernel-debug-devel-2.6.32-696.13.2.el6.i686.rpm |
CentOS | 6 | i686 | kernel-devel | < 2.6.32-696.13.2.el6 | kernel-devel-2.6.32-696.13.2.el6.i686.rpm |
CentOS | 6 | noarch | kernel-doc | < 2.6.32-696.13.2.el6 | kernel-doc-2.6.32-696.13.2.el6.noarch.rpm |
CentOS | 6 | noarch | kernel-firmware | < 2.6.32-696.13.2.el6 | kernel-firmware-2.6.32-696.13.2.el6.noarch.rpm |
CentOS | 6 | i686 | kernel-headers | < 2.6.32-696.13.2.el6 | kernel-headers-2.6.32-696.13.2.el6.i686.rpm |
CentOS | 6 | i686 | perf | < 2.6.32-696.13.2.el6 | perf-2.6.32-696.13.2.el6.i686.rpm |
CentOS | 6 | i686 | python-perf | < 2.6.32-696.13.2.el6 | python-perf-2.6.32-696.13.2.el6.i686.rpm |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
10.1%