(RHSA-2018:1130) Important: kernel security and bug fix update

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

• kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important)

• kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important)

• kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate)

• kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate)

• kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate)

• kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate)

• kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate)

• kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Mohamed Ghannam for reporting CVE-2017-8824; Jan H. Schönherr (Amazon) for reporting CVE-2017-1000252; and Armis Labs for reporting CVE-2017-1000410.

Bug Fix(es):

These updated kernel packages include also numerous bug fixes. Space precludes documenting all of these bug fixes in this advisory. See the bug fix descriptions in the related Knowledge Article:
https://access.redhat.com/articles/3411331