(RHSA-2015:0751) Important: kernel-rt security and bug fix update

2015-03-30T04:00:00
ID RHSA-2015:0751
Type redhat
Reporter RedHat
Modified 2018-06-07T08:58:25

Description

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

  • It was found that the Linux kernel's Infiniband subsystem did not properly sanitize input parameters while registering memory regions from user space via the (u)verbs API. A local user with access to a /dev/infiniband/uverbsX device could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2014-8159, Important)

  • A use-after-free flaw was found in the way the Linux kernel's SCTP implementation handled authentication key reference counting during INIT collisions. A remote attacker could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1421, Important)

Red Hat would like to thank Mellanox for reporting the CVE-2014-8159 issue. The CVE-2015-1421 issue was discovered by Sun Baoliang of Red Hat.
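
An exposure check for the two flaws above, added here as an example and not part of Red Hat's advisory: it lists the permissions on the /dev/infiniband/uverbsX nodes that CVE-2014-8159 requires access to, and reports whether an SCTP module is loaded. It assumes GNU stat and that SCTP is built as a loadable module named sctp that appears in /proc/modules; the function names are illustrative.

```sh
#!/bin/sh
# Added example: exposure triage for CVE-2014-8159 and CVE-2015-1421.
# Paths are parameters so the checks can also run against test fixtures.

# Print "<path> <octal-mode> <owner:group> <verdict>" for each uverbs node.
# "world-accessible" means the "other" permission digit grants read or write,
# so any local account can open the device.
uverbs_exposure() {
    dir="${1:-/dev/infiniband}"
    for node in "$dir"/uverbs*; do
        [ -e "$node" ] || continue              # glob matched nothing
        mode=$(stat -c '%a' "$node")
        owner=$(stat -c '%U:%G' "$node")
        case "$mode" in
            *[2-7]) verdict="world-accessible" ;;   # last digit has r or w
            *)      verdict="restricted" ;;
        esac
        echo "$node $mode $owner $verdict"
    done
}

# Return 0 if a module named sctp is listed in a /proc/modules-format file.
sctp_loaded() {
    grep -q '^sctp ' "${1:-/proc/modules}" 2>/dev/null
}

# Summarise both checks for the running host (or for fixture paths).
exposure_report() {
    nodes=$(uverbs_exposure "${1:-/dev/infiniband}")
    if [ -n "$nodes" ]; then
        echo "$nodes"
    else
        echo "uverbs: no device nodes found"
    fi
    if sctp_loaded "${2:-/proc/modules}"; then
        echo "sctp: module loaded"
    else
        echo "sctp: module not loaded"
    fi
}

exposure_report "$@"
```

Nodes reported as restricted are still reachable by members of the listed owner and group, so review that group's membership as well.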

The MRG-Realtime 3.10 kernel-rt sources have been updated to include the following bug fixes:

  • The kdump service could become unresponsive due to a deadlock in the kernel call ioapic_lock.

  • Attempts to make metadata changes, such as creating a thin device or a snapshot thin device, did not error out cleanly.

(BZ#1201384)

This update also fixes the following bug:

  • The MRG kernel scheduler code was missing checks for the PREEMPT_LAZY flag, allowing tasks to be preempted more times than necessary and causing latency spikes on the system. Additional checks for the PREEMPT_LAZY flag were added to the check_preempt_wakeup() and check_preempt_curr() functions in the scheduler code so that preempt wakeups were reduced and these latency spikes were removed. (BZ#1157949)

All kernel-rt users are advised to upgrade to these updated packages, which correct these issues. The system must be rebooted for this update to take effect.