[RHSA-2016:1541] kernel-rt security and bug fix update
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
A flaw was found in the Linux kernel's keyring handling code: in key_reject_and_link(), an uninitialised variable would eventually lead to the freeing of an arbitrary address, which could allow an attacker to mount a use-after-free style attack. (CVE-2016-4470, Important)
The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. (CVE-2015-8660, Moderate)
Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).
The kernel-rt packages have been upgraded to the kernel-3.10.0-327.28.2.el7 source tree, which provides a number of bug fixes over the previous version. (BZ#1350307)
This update also fixes the following bugs:
Previously, use of the get/put_cpu_var() function in the refill_stock() function of the memcontrol cgroup code led to a "scheduling while atomic" warning. With this update, refill_stock() uses the get/put_cpu_light() function instead, and the warnings no longer appear. (BZ#1347171)
Prior to this update, if a real time task pinned to a given CPU was taking 100% of the CPU time, then calls to the lru_add_drain_all() function on other CPUs blocked for an undetermined amount of time. This caused latencies and undesired side effects. With this update, lru_add_drain_all() has been changed to drain the LRU pagevecs of remote CPUs. (BZ#1348523)
Package | Affected Version |
---|---|
pkg:rpm/redhat/kernel-rt?arch=x86_64&distro=redhat-7.2 | < 3.10.0-327.28.2.rt56.234.el7_2 |
pkg:rpm/redhat/kernel-rt-trace?arch=x86_64&distro=redhat-7.2 | < 3.10.0-327.28.2.rt56.234.el7_2 |
pkg:rpm/redhat/kernel-rt-trace-kvm?arch=x86_64&distro=redhat-7.2 | < 3.10.0-327.28.2.rt56.234.el7_2 |
pkg:rpm/redhat/kernel-rt-trace-devel?arch=x86_64&distro=redhat-7.2 | < 3.10.0-327.28.2.rt56.234.el7_2 |
pkg:rpm/redhat/kernel-rt-kvm?arch=x86_64&distro=redhat-7.2 | < 3.10.0-327.28.2.rt56.234.el7_2 |
pkg:rpm/redhat/kernel-rt-doc?distro=redhat-7.2 | < 3.10.0-327.28.2.rt56.234.el7_2 |
pkg:rpm/redhat/kernel-rt-devel?arch=x86_64&distro=redhat-7.2 | < 3.10.0-327.28.2.rt56.234.el7_2 |
pkg:rpm/redhat/kernel-rt-debug?arch=x86_64&distro=redhat-7.2 | < 3.10.0-327.28.2.rt56.234.el7_2 |
pkg:rpm/redhat/kernel-rt-debug-kvm?arch=x86_64&distro=redhat-7.2 | < 3.10.0-327.28.2.rt56.234.el7_2 |
pkg:rpm/redhat/kernel-rt-debug-devel?arch=x86_64&distro=redhat-7.2 | < 3.10.0-327.28.2.rt56.234.el7_2 |
- ID: RHSA-2016:1541
- Severity: important
- URL: https://access.redhat.com/errata/RHSA-2016:1541
- Published: 2016-08-02T00:00:00
- Modified: 2016-08-02T00:00:00
- Rights: Copyright 2016 Red Hat, Inc.
- Other Advisories:
  - ALAS-2016-726
  - DSA-3607-1
  - ELSA-2016-1539
  - ELSA-2016-2006
  - ELSA-2016-3591
  - ELSA-2016-3592
  - ELSA-2016-3593
  - FEDORA-2016-1c409313f4
  - FEDORA-2016-63ee0999e4
  - FEDORA-2016-73a733f4d9
  - RHSA-2016:1539
  - RHSA-2016:2006
  - SUSE-SU-2016:0585-1
  - SUSE-SU-2016:0751-1
  - SUSE-SU-2016:0752-1
  - SUSE-SU-2016:0755-1
  - SUSE-SU-2016:1937-1
  - SUSE-SU-2016:1961-1
  - SUSE-SU-2016:1985-1
  - SUSE-SU-2016:1994-1
  - SUSE-SU-2016:1995-1
  - SUSE-SU-2016:1998-1
  - SUSE-SU-2016:1999-1
  - SUSE-SU-2016:2000-1
  - SUSE-SU-2016:2001-1
  - SUSE-SU-2016:2002-1
  - SUSE-SU-2016:2003-1
  - SUSE-SU-2016:2005-1
  - SUSE-SU-2016:2006-1
  - SUSE-SU-2016:2007-1
  - SUSE-SU-2016:2009-1
  - SUSE-SU-2016:2010-1
  - SUSE-SU-2016:2011-1
  - SUSE-SU-2016:2014-1
  - SUSE-SU-2016:2018-1
  - SUSE-SU-2016:2105-1
  - SUSE-SU-2016:2245-1
  - SUSE-SU-2017:0333-1
  - SUSE-SU-2017:0471-1
  - USN-2857-1
  - USN-2857-2
  - USN-2858-1
  - USN-2858-2
  - USN-2858-3
  - USN-3049-1
  - USN-3050-1
  - USN-3051-1
  - USN-3052-1
  - USN-3053-1
  - USN-3054-1
  - USN-3055-1
  - USN-3056-1
  - USN-3057-1
Source | ID | Name | URL |
---|---|---|---|
Bugzilla | 1291329 | | https://bugzilla.redhat.com/1291329 |
Bugzilla | 1341716 | | https://bugzilla.redhat.com/1341716 |
RHSA | RHSA-2016:1541 | | https://access.redhat.com/errata/RHSA-2016:1541 |
CVE | CVE-2015-8660 | | https://access.redhat.com/security/cve/CVE-2015-8660 |
CVE | CVE-2016-4470 | | https://access.redhat.com/security/cve/CVE-2016-4470 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/redhat/kernel-rt?arch=x86_64&distro=redhat-7.2 | redhat | kernel-rt | < 3.10.0-327.28.2.rt56.234.el7_2 | redhat-7.2 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-trace?arch=x86_64&distro=redhat-7.2 | redhat | kernel-rt-trace | < 3.10.0-327.28.2.rt56.234.el7_2 | redhat-7.2 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-trace-kvm?arch=x86_64&distro=redhat-7.2 | redhat | kernel-rt-trace-kvm | < 3.10.0-327.28.2.rt56.234.el7_2 | redhat-7.2 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-trace-devel?arch=x86_64&distro=redhat-7.2 | redhat | kernel-rt-trace-devel | < 3.10.0-327.28.2.rt56.234.el7_2 | redhat-7.2 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-kvm?arch=x86_64&distro=redhat-7.2 | redhat | kernel-rt-kvm | < 3.10.0-327.28.2.rt56.234.el7_2 | redhat-7.2 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-doc?distro=redhat-7.2 | redhat | kernel-rt-doc | < 3.10.0-327.28.2.rt56.234.el7_2 | redhat-7.2 | | |
Affected | pkg:rpm/redhat/kernel-rt-devel?arch=x86_64&distro=redhat-7.2 | redhat | kernel-rt-devel | < 3.10.0-327.28.2.rt56.234.el7_2 | redhat-7.2 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug?arch=x86_64&distro=redhat-7.2 | redhat | kernel-rt-debug | < 3.10.0-327.28.2.rt56.234.el7_2 | redhat-7.2 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug-kvm?arch=x86_64&distro=redhat-7.2 | redhat | kernel-rt-debug-kvm | < 3.10.0-327.28.2.rt56.234.el7_2 | redhat-7.2 | x86_64 | |
Affected | pkg:rpm/redhat/kernel-rt-debug-devel?arch=x86_64&distro=redhat-7.2 | redhat | kernel-rt-debug-devel | < 3.10.0-327.28.2.rt56.234.el7_2 | redhat-7.2 | x86_64 | |