[RHSA-2017:2077] kernel-rt security, bug fix, and enhancement update

Severity Important
Affected Packages 10
CVEs 36

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important)

  • A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important)

  • It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)

This update also fixes multiple Moderate and Low impact security issues:

  • CVE-2015-8839, CVE-2015-8970, CVE-2016-9576, CVE-2016-7042, CVE-2016-7097, CVE-2016-8645, CVE-2016-9588, CVE-2016-9806, CVE-2016-10088, CVE-2016-10147, CVE-2017-2596, CVE-2017-2671, CVE-2017-5970, CVE-2017-6001, CVE-2017-6951, CVE-2017-7187, CVE-2017-7616, CVE-2017-7889, CVE-2017-8890, CVE-2017-9074, CVE-2017-9075, CVE-2017-9076, CVE-2017-9077, CVE-2017-9242, CVE-2014-7970, CVE-2014-7975, CVE-2016-6213, CVE-2016-9604, CVE-2016-9685

Documentation for these issues is available from the Release Notes document linked from the References section.

Red Hat would like to thank Igor Redko (Virtuozzo) and Andrey Ryabinin (Virtuozzo) for reporting CVE-2017-2647; Igor Redko (Virtuozzo) and Vasily Averin (Virtuozzo) for reporting CVE-2015-8970; Marco Grassi for reporting CVE-2016-8645; and Dmitry Vyukov (Google Inc.) for reporting CVE-2017-2596. The CVE-2016-7042 issue was discovered by Ondrej Kozina (Red Hat); the CVE-2016-7097 issue was discovered by Andreas Gruenbacher (Red Hat) and Jan Kara (SUSE); the CVE-2016-6213 and CVE-2016-9685 issues were discovered by Qian Cai (Red Hat); and the CVE-2016-9604 issue was discovered by David Howells (Red Hat).

Additional Changes:

For detailed information on other changes in this release, see the Red Hat Enterprise Linux 7.4 Release Notes linked from the References section.

ID: RHSA-2017:2077
Severity: important
URL: https://access.redhat.com/errata/RHSA-2017:2077
Published: 2017-08-01T00:00:00
Modified: 2017-08-01T00:00:00
Rights: Copyright 2017 Red Hat, Inc.
Other Advisories
Source ID URL
Bugzilla 1151095 https://bugzilla.redhat.com/1151095
Bugzilla 1151108 https://bugzilla.redhat.com/1151108
Bugzilla 1323577 https://bugzilla.redhat.com/1323577
Bugzilla 1356471 https://bugzilla.redhat.com/1356471
Bugzilla 1368938 https://bugzilla.redhat.com/1368938
Bugzilla 1373966 https://bugzilla.redhat.com/1373966
Bugzilla 1386286 https://bugzilla.redhat.com/1386286
Bugzilla 1389433 https://bugzilla.redhat.com/1389433
Bugzilla 1393904 https://bugzilla.redhat.com/1393904
Bugzilla 1396941 https://bugzilla.redhat.com/1396941
Bugzilla 1401502 https://bugzilla.redhat.com/1401502
Bugzilla 1403145 https://bugzilla.redhat.com/1403145
Bugzilla 1404200 https://bugzilla.redhat.com/1404200
Bugzilla 1404924 https://bugzilla.redhat.com/1404924
Bugzilla 1412210 https://bugzilla.redhat.com/1412210
Bugzilla 1413001 https://bugzilla.redhat.com/1413001
Bugzilla 1416126 https://bugzilla.redhat.com/1416126
Bugzilla 1417812 https://bugzilla.redhat.com/1417812
Bugzilla 1421638 https://bugzilla.redhat.com/1421638
Bugzilla 1422825 https://bugzilla.redhat.com/1422825
Bugzilla 1428353 https://bugzilla.redhat.com/1428353
Bugzilla 1430347 https://bugzilla.redhat.com/1430347
Bugzilla 1433252 https://bugzilla.redhat.com/1433252
Bugzilla 1434327 https://bugzilla.redhat.com/1434327
Bugzilla 1436649 https://bugzilla.redhat.com/1436649
Bugzilla 1441088 https://bugzilla.redhat.com/1441088
Bugzilla 1444493 https://bugzilla.redhat.com/1444493
Bugzilla 1450261 https://bugzilla.redhat.com/1450261
Bugzilla 1450972 https://bugzilla.redhat.com/1450972
Bugzilla 1452679 https://bugzilla.redhat.com/1452679
Bugzilla 1452688 https://bugzilla.redhat.com/1452688
Bugzilla 1452691 https://bugzilla.redhat.com/1452691
Bugzilla 1452744 https://bugzilla.redhat.com/1452744
Bugzilla 1456388 https://bugzilla.redhat.com/1456388
Bugzilla 1466329 https://bugzilla.redhat.com/1466329
Bugzilla 1671869 https://bugzilla.redhat.com/1671869
RHSA RHSA-2017:2077 https://access.redhat.com/errata/RHSA-2017:2077
CVE CVE-2014-7970 https://access.redhat.com/security/cve/CVE-2014-7970
CVE CVE-2014-7975 https://access.redhat.com/security/cve/CVE-2014-7975
CVE CVE-2015-8839 https://access.redhat.com/security/cve/CVE-2015-8839
CVE CVE-2015-8970 https://access.redhat.com/security/cve/CVE-2015-8970
CVE CVE-2016-10088 https://access.redhat.com/security/cve/CVE-2016-10088
CVE CVE-2016-10147 https://access.redhat.com/security/cve/CVE-2016-10147
CVE CVE-2016-10200 https://access.redhat.com/security/cve/CVE-2016-10200
CVE CVE-2016-10741 https://access.redhat.com/security/cve/CVE-2016-10741
CVE CVE-2016-6213 https://access.redhat.com/security/cve/CVE-2016-6213
CVE CVE-2016-7042 https://access.redhat.com/security/cve/CVE-2016-7042
CVE CVE-2016-7097 https://access.redhat.com/security/cve/CVE-2016-7097
CVE CVE-2016-8645 https://access.redhat.com/security/cve/CVE-2016-8645
CVE CVE-2016-9576 https://access.redhat.com/security/cve/CVE-2016-9576
CVE CVE-2016-9588 https://access.redhat.com/security/cve/CVE-2016-9588
CVE CVE-2016-9604 https://access.redhat.com/security/cve/CVE-2016-9604
CVE CVE-2016-9685 https://access.redhat.com/security/cve/CVE-2016-9685
CVE CVE-2016-9806 https://access.redhat.com/security/cve/CVE-2016-9806
CVE CVE-2017-2584 https://access.redhat.com/security/cve/CVE-2017-2584
CVE CVE-2017-2596 https://access.redhat.com/security/cve/CVE-2017-2596
CVE CVE-2017-2647 https://access.redhat.com/security/cve/CVE-2017-2647
CVE CVE-2017-2671 https://access.redhat.com/security/cve/CVE-2017-2671
CVE CVE-2017-5551 https://access.redhat.com/security/cve/CVE-2017-5551
CVE CVE-2017-5970 https://access.redhat.com/security/cve/CVE-2017-5970
CVE CVE-2017-6001 https://access.redhat.com/security/cve/CVE-2017-6001
CVE CVE-2017-6951 https://access.redhat.com/security/cve/CVE-2017-6951
CVE CVE-2017-7187 https://access.redhat.com/security/cve/CVE-2017-7187
CVE CVE-2017-7495 https://access.redhat.com/security/cve/CVE-2017-7495
CVE CVE-2017-7616 https://access.redhat.com/security/cve/CVE-2017-7616
CVE CVE-2017-7889 https://access.redhat.com/security/cve/CVE-2017-7889
CVE CVE-2017-8797 https://access.redhat.com/security/cve/CVE-2017-8797
CVE CVE-2017-8890 https://access.redhat.com/security/cve/CVE-2017-8890
CVE CVE-2017-9074 https://access.redhat.com/security/cve/CVE-2017-9074
CVE CVE-2017-9075 https://access.redhat.com/security/cve/CVE-2017-9075
CVE CVE-2017-9076 https://access.redhat.com/security/cve/CVE-2017-9076
CVE CVE-2017-9077 https://access.redhat.com/security/cve/CVE-2017-9077
CVE CVE-2017-9242 https://access.redhat.com/security/cve/CVE-2017-9242
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/redhat/kernel-rt?arch=x86_64&distro=redhat-7 redhat kernel-rt < 3.10.0-693.rt56.617.el7 redhat-7 x86_64
Affected pkg:rpm/redhat/kernel-rt-trace?arch=x86_64&distro=redhat-7 redhat kernel-rt-trace < 3.10.0-693.rt56.617.el7 redhat-7 x86_64
Affected pkg:rpm/redhat/kernel-rt-trace-kvm?arch=x86_64&distro=redhat-7 redhat kernel-rt-trace-kvm < 3.10.0-693.rt56.617.el7 redhat-7 x86_64
Affected pkg:rpm/redhat/kernel-rt-trace-devel?arch=x86_64&distro=redhat-7 redhat kernel-rt-trace-devel < 3.10.0-693.rt56.617.el7 redhat-7 x86_64
Affected pkg:rpm/redhat/kernel-rt-kvm?arch=x86_64&distro=redhat-7 redhat kernel-rt-kvm < 3.10.0-693.rt56.617.el7 redhat-7 x86_64
Affected pkg:rpm/redhat/kernel-rt-doc?distro=redhat-7 redhat kernel-rt-doc < 3.10.0-693.rt56.617.el7 redhat-7
Affected pkg:rpm/redhat/kernel-rt-devel?arch=x86_64&distro=redhat-7 redhat kernel-rt-devel < 3.10.0-693.rt56.617.el7 redhat-7 x86_64
Affected pkg:rpm/redhat/kernel-rt-debug?arch=x86_64&distro=redhat-7 redhat kernel-rt-debug < 3.10.0-693.rt56.617.el7 redhat-7 x86_64
Affected pkg:rpm/redhat/kernel-rt-debug-kvm?arch=x86_64&distro=redhat-7 redhat kernel-rt-debug-kvm < 3.10.0-693.rt56.617.el7 redhat-7 x86_64
Affected pkg:rpm/redhat/kernel-rt-debug-devel?arch=x86_64&distro=redhat-7 redhat kernel-rt-debug-devel < 3.10.0-693.rt56.617.el7 redhat-7 x86_64