(RHSA-2015:0694) Important: kernel-rt security, bug fix, and enhancement update

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

• A flaw was found in the way the Linux kernel’s XFS file system handled
  replacing of remote attributes under certain conditions. A local user with
  access to XFS file system mount could potentially use this flaw to escalate
  their privileges on the system. (CVE-2015-0274, Important)

• A flaw was found in the way the Linux kernel’s splice() system call
  validated its parameters. On certain file systems, a local, unprivileged
  user could use this flaw to write past the maximum file size, and thus
  crash the system. (CVE-2014-7822, Moderate)

• A race condition flaw was found in the Linux kernel’s ext4 file system
  implementation that allowed a local, unprivileged user to crash the system
  by simultaneously writing to a file and toggling the O_DIRECT flag using
  fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)

• It was found that due to excessive files_lock locking, a soft lockup
  could be triggered in the Linux kernel when performing asynchronous I/O
  operations. A local, unprivileged user could use this flaw to crash the
  system. (CVE-2014-8172, Moderate)

• A NULL pointer dereference flaw was found in the way the Linux kernel’s
  madvise MADV_WILLNEED functionality handled page table locking. A local,
  unprivileged user could use this flaw to crash the system. (CVE-2014-8173,
  Moderate)

Red Hat would like to thank Eric Windisch of the Docker project for
reporting CVE-2015-0274, and Akira Fujita of NEC for reporting
CVE-2014-7822.

Bug fixes:

• A patch removing the xt_connlimit revision zero ABI was not reverted in
  the kernel-rt package, which caused problems because the iptables package
  requires this revision. A patch to remove the xt_connlimit revision 0 was
  reverted from the kernel-rt sources to allow the iptables command to
  execute correctly. (BZ#1169755)

• With an older Mellanox Connect-IB (mlx4) driver present in the MRG
  Realtime kernel, a race condition could occur that would cause a loss of
  connection. The mlx4 driver was updated, resolving the race condition and
  allowing proper connectivity. (BZ#1182246)

• The MRG Realtime kernel did not contain the appropriate code to resume
  after a device failed, causing the volume status after a repair to not be
  properly updated. A “refresh needed” was still listed in the “lvs” output
  after executing the “lvchange --refresh” command. A patch was added that
  adds the ability to correctly restore a transiently failed device upon
  resume. (BZ#1159803)

• The sosreport executable would hang when reading
  /proc/net/rpc/use-gss-proxy because of faulty wait_queue logic in the proc
  handler. This wait_queue logic was removed from the proc handler, allowing
  the reads to correctly return the current state. (BZ#1169900)

Enhancements:

• The MRG Realtime kernel-rt sources have been modified to take advantage
  of the updated 3.10 kernel sources that are available with the Red Hat
  Enterprise Linux 7 releases. (BZ#1172844)

• The MRG Realtime version of the e1000e driver has been updated to provide
  support for the Intel I218-LM network adapter. (BZ#1191767)

• The MRG Realtime kernel was updated to provide support for the
  Mellanox Connect-IB (mlx5). (BZ#1171363)

• The rt-firmware package has been updated to provide additional firmware
  files required by the new version of the Red Hat Enterprise MRG 2.5 kernel
  (BZ#1184251)

All kernel-rt users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues and add these
enhancements. The system must be rebooted for this update to take effect.