The kernel packages contain the Linux kernel, the core of any Linux
- It was found that the Linux kernel's implementation of vectored pipe read
and write functionality did not take into account the I/O vectors that were
already processed when retrying after a failed atomic access operation,
potentially resulting in memory corruption due to an I/O vector array
overrun. A local, unprivileged user could use this flaw to crash the system
or, potentially, escalate their privileges on the system. (CVE-2015-1805,
The security impact of this issue was discovered by Red Hat.
This update also fixes the following bug:
- Previously, the signal delivery paths did not clear the TS_USEDFPU flag,
which could confuse the switch_to() function and lead to floating-point
unit (FPU) corruption. With this update, TS_USEDFPU is cleared as expected,
and FPU is no longer under threat of corruption. (BZ#1214239)
All kernel users are advised to upgrade to these updated packages, which
contain backported patches to correct these issues. The system must be
rebooted for this update to take effect.