(RHSA-2015:0290) Important: kernel security, bug fix, and enhancement update

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

• A flaw was found in the way the Linux kernel’s XFS file system handled
  replacing of remote attributes under certain conditions. A local user with
  access to XFS file system mount could potentially use this flaw to escalate
  their privileges on the system. (CVE-2015-0274, Important)

• It was found that the Linux kernel’s KVM implementation did not ensure
  that the host CR4 control register value remained unchanged across VM
  entries on the same virtual CPU. A local, unprivileged user could use this
  flaw to cause denial of service on the system. (CVE-2014-3690, Moderate)

• A flaw was found in the way Linux kernel’s Transparent Huge Pages (THP)
  implementation handled non-huge page migration. A local, unprivileged user
  could use this flaw to crash the kernel by migrating transparent hugepages.
  (CVE-2014-3940, Moderate)

• An out-of-bounds memory access flaw was found in the syscall tracing
  functionality of the Linux kernel’s perf subsystem. A local, unprivileged
  user could use this flaw to crash the system. (CVE-2014-7825, Moderate)

• An out-of-bounds memory access flaw was found in the syscall tracing
  functionality of the Linux kernel’s ftrace subsystem. On a system with
  ftrace syscall tracing enabled, a local, unprivileged user could use this
  flaw to crash the system, or escalate their privileges. (CVE-2014-7826,
  Moderate)

• A race condition flaw was found in the Linux kernel’s ext4 file system
  implementation that allowed a local, unprivileged user to crash the system
  by simultaneously writing to a file and toggling the O_DIRECT flag using
  fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)

• A flaw was found in the way the Linux kernel’s netfilter subsystem
  handled generic protocol tracking. As demonstrated in the Stream Control
  Transmission Protocol (SCTP) case, a remote attacker could use this flaw to
  bypass intended iptables rule restrictions when the associated connection
  tracking module was not loaded on the system. (CVE-2014-8160, Moderate)

• It was found that due to excessive files_lock locking, a soft lockup
  could be triggered in the Linux kernel when performing asynchronous I/O
  operations. A local, unprivileged user could use this flaw to crash the
  system. (CVE-2014-8172, Moderate)

• A NULL pointer dereference flaw was found in the way the Linux kernel’s
  madvise MADV_WILLNEED functionality handled page table locking. A local,
  unprivileged user could use this flaw to crash the system. (CVE-2014-8173,
  Moderate)

• An information leak flaw was found in the Linux kernel’s IEEE 802.11
  wireless networking implementation. When software encryption was used, a
  remote attacker could use this flaw to leak up to 8 bytes of plaintext.
  (CVE-2014-8709, Low)

• A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge
  DEC USB device driver. A local user with write access to the corresponding
  device could use this flaw to crash the kernel or, potentially, elevate
  their privileges on the system. (CVE-2014-8884, Low)

Red Hat would like to thank Eric Windisch of the Docker project for
reporting CVE-2015-0274, Andy Lutomirski for reporting CVE-2014-3690, and
Robert Święcki for reporting CVE-2014-7825 and CVE-2014-7826.

This update also fixes several hundred bugs and adds numerous enhancements.
Refer to the Red Hat Enterprise Linux 7.1 Release Notes for information on
the most significant of these changes, and the following Knowledgebase
article for further information: https://access.redhat.com/articles/1352803

All Red Hat Enterprise Linux 7 users are advised to install these updated
packages, which correct these issues and add these enhancements. The system
must be rebooted for this update to take effect.