9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.905 High
EPSS
Percentile
98.8%
The kernel packages contain the Linux kernel, the core of any Linux
operating system.
Security Fix(es):
Red Hat would like to thank Ari Kauppi for reporting this issue.
Bug Fix(es):
Previously, a race condition between Linux kernel module error handling and kprobe registration code existed in the Linux kernel. The protection that was applied during module error handling code could be overridden by kprobe registration code before the module was deallocated. Consequently, the mapped page could be freed and become not ‘writable’. When this page was later accessed, a page fault occurred, which led to a kernel panic. This update fixes the race condition, and the kernel no longer panics due to this bug. (BZ#1454683)
Due to a race with another NFS mount, the nfs41_walk_client_list() function previously established a lease on the nfs_client pointer before the check for trunking was finished. This update ensures the processes follow the correct order and the race no longer occurs in this scenario. (BZ#1447383)
If a duplicate IPv6 address or an issue setting an address was present in the net/ipv6/addrconf.c file, a race condition occurred that could cause an IFP refcount leak. Attempts to unregister a netdevice then produced “Unregister Netdevice Failed” error messages. The provided patch fixes this bug, and race conditions no longer occur in this situation. (BZ#1449103)
Previously, subtracting from vCPU threads could cause a steal_time overflow on QEMU live migration. This update makes sure steal_time accumulation to vCPU entry time is moved before copying steal_time data to QEMU guest, thus fixing this bug. (BZ#1274919)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | x86_64 | kernel-debug | < 3.10.0-327.58.1.el7 | kernel-debug-3.10.0-327.58.1.el7.x86_64.rpm |
RedHat | 7 | ppc64le | kernel-debuginfo | < 3.10.0-327.58.1.el7 | kernel-debuginfo-3.10.0-327.58.1.el7.ppc64le.rpm |
RedHat | 7 | x86_64 | perf-debuginfo | < 3.10.0-327.58.1.el7 | perf-debuginfo-3.10.0-327.58.1.el7.x86_64.rpm |
RedHat | 7 | x86_64 | kernel-debug-devel | < 3.10.0-327.58.1.el7 | kernel-debug-devel-3.10.0-327.58.1.el7.x86_64.rpm |
RedHat | 7 | ppc64 | perf | < 3.10.0-327.58.1.el7 | perf-3.10.0-327.58.1.el7.ppc64.rpm |
RedHat | 7 | ppc64le | kernel-headers | < 3.10.0-327.58.1.el7 | kernel-headers-3.10.0-327.58.1.el7.ppc64le.rpm |
RedHat | 7 | ppc64 | kernel-headers | < 3.10.0-327.58.1.el7 | kernel-headers-3.10.0-327.58.1.el7.ppc64.rpm |
RedHat | 7 | ppc64 | kernel-debug-debuginfo | < 3.10.0-327.58.1.el7 | kernel-debug-debuginfo-3.10.0-327.58.1.el7.ppc64.rpm |
RedHat | 7 | x86_64 | kernel-tools | < 3.10.0-327.58.1.el7 | kernel-tools-3.10.0-327.58.1.el7.x86_64.rpm |
RedHat | 7 | ppc64 | kernel-tools-libs | < 3.10.0-327.58.1.el7 | kernel-tools-libs-3.10.0-327.58.1.el7.ppc64.rpm |
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.905 High
EPSS
Percentile
98.8%