(RHSA-2015:1120) Important: kernel security and bug fix update

2015-06-16T04:00:00
ID RHSA-2015:1120
Type redhat
Reporter RedHat
Modified 2017-09-08T12:07:15

Description

The kernel packages contain the Linux kernel, the core of any Linux operating system.

  • It was found that the Linux kernel's implementation of vectored pipe read and write functionality did not take into account the I/O vectors that were already processed when retrying after a failed atomic access operation, potentially resulting in memory corruption due to an I/O vector array overrun. A local, unprivileged user could use this flaw to crash the system or, potentially, escalate their privileges on the system. (CVE-2015-1805, Important)

The security impact of this issue was discovered by Red Hat.

This update also fixes the following bug:

  • Previously, the signal delivery paths did not clear the TS_USEDFPU flag, which could confuse the switch_to() function and lead to floating-point unit (FPU) corruption. With this update, TS_USEDFPU is cleared as expected, and FPU is no longer under threat of corruption. (BZ#1214239)

All kernel users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. The system must be rebooted for this update to take effect.