Lucene search

K
redhatRedHatRHSA-2015:0751
HistoryMar 30, 2015 - 12:00 a.m.

(RHSA-2015:0751) Important: kernel-rt security and bug fix update

2015-03-3000:00:00
access.redhat.com
48

EPSS

0.058

Percentile

93.5%

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

  • It was found that the Linux kernel’s Infiniband subsystem did not
    properly sanitize input parameters while registering memory regions from
    user space via the (u)verbs API. A local user with access to a
    /dev/infiniband/uverbsX device could use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2014-8159,
    Important)

  • A use-after-free flaw was found in the way the Linux kernel’s SCTP
    implementation handled authentication key reference counting during INIT
    collisions. A remote attacker could use this flaw to crash the system or,
    potentially, escalate their privileges on the system. (CVE-2015-1421,
    Important)

Red Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue.
The CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.

The MRG-Realtime 3.10 kernel-rt sources have been updated to include the
following bug fixes:

  • The kdump service could become unresponsive due to a deadlock in the
    kernel call ioapic_lock.

  • Attempt to make metadata changes such as creating a thin device or
    snapshot thin device did not error out cleanly.

(BZ#1201384)

This update also fixes the following bug:

  • The MRG kernel scheduler code was missing checks for the PREEMPT_LAZY
    flag allowing tasks to be preempted more times than necessary causing
    latency spikes on the system. Additional checks for the PREEMPT_LAZY flag
    were added to the check_preempt_wakeup() and check_preempt_curr() functions
    in the scheduler code so that preempt wakeups were reduced and these
    latency spikes were removed. (BZ#1157949)

All kernel-rt users are advised to upgrade to these updated packages, which
correct these issues. The system must be rebooted for this update to take
effect.