Details
Bug
Resolution: Fixed
Minor
Description
RHEL 7.5 was just announced as released. It is now officially GA as of 4/10/18.
This mod represents switching our supported el7 version from RHEL 7.4 to RHEL 7.5
Details of the kernel upgrade will follow in comments.
Activity
Bob Glossman (bob.glossman@intel.com) uploaded a new patch: https://review.whamcloud.com/32371
Subject: LU-10897 kernel: kernel upgrade RHEL7.5 [3.10.0-862.2.3.el7]
Project: fs/lustre-release
Branch: b2_10
Current Patch Set: 1
Commit: ad7ec34154b4568ae73fcbcae60d8e593114a886
Bob Glossman (bob.glossman@intel.com) uploaded a new patch: https://review.whamcloud.com/32370
Subject: LU-10897 kernel: kernel upgrade RHEL7.5 [3.10.0-862.2.3.el7]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: fcbc54cb7d1747be641e20864c7dd58c4bd6ae1d
CentOS 7.5 was released 5/10.
It includes the kernel update to 3.10.0-862.2.3
Update details.
Security Fix(es):
Kernel: KVM: error in exception handling leads to wrong debug stack value (CVE-2018-1087)
Kernel: error in exception handling leads to DoS (CVE-2018-8897)
Kernel: ipsec: xfrm: use-after-free leading to potential privilege escalation (CVE-2017-16939)
kernel: Out-of-bounds write via userland offsets in ebt_entry struct in netfilter/ebtables.c (CVE-2018-1068)
kernel: ptrace() incorrect error handling leads to corruption and DoS (CVE-2018-1000199)
kernel: guest kernel crash during core dump on POWER9 host (CVE-2018-1091)
Bug fixes:
After Enhanced Error Handling (EEH) recovery of PCI errors involving the Non-Volatile Memory Express (NVMe) device, the NVMe device driver did not automatically bind to the NVMe device. As a consequence, the NVMe device became inaccessible. With this update, the NVMe device driver is able to rebind to the NVMe device after EEH recovery. As a result, the NVMe device is accessible again after EEH recovery of PCI errors involving the NVMe device. (BZ#1561894)
Previously, certain Intel Xeon v5 processors had incorrect time frequency settings. As a consequence, a 1 second error was introduced every 10 minutes relative to the system master clock. This update provides the correct time frequency settings. As a result, the system time now runs precisely. (BZ#1563088)
Previously, removing a physical CPU from a running system triggered a redundant warning message. This update prevents resetting the processor id value during removal. As a result the warning message no longer appears. (BZ#1563091)
This update disables the mitigation for the Meltdown attack to improve the system performance. In certain secure environments, a system administrator prefers the system performance to its security. Note that the system is vulnerable to the attack as a result of the mitigation for Meltdown being disabled. (BZ#1563096)
Previously, the nfs_commit_inode() function did not respect the FLUSH_SYNC argument and exited even if there were already the in-flight COMMIT requests. As a consequence, the mmap() system call occasionally returned the EBUSY error on NFS, and CPU soft lockups occurred during a writeback on NFS. This update fixes nfs_commit_inode() to respect FLUSH_SYNC. As a result, mmap() does not return EBUSY, and the CPU soft lockups no longer occur during NFS writebacks. (BZ#1563103)
Previously, a Z8G4 workstation failed to enter suspend mode (S3), since the MSI-X vectors of the i40e driver were released while still in use by the i40iw client. As a consequence, the system became unresponsive on entering S3. This update fixes i40e to close before releasing its MSI-X vectors. As a result, Z8G4 now enters S3 and resumes correctly. (BZ#1563106)
Previously, the UEFI top-level page table was not configured properly to work with the page table isolation (PTI) feature. As a consequence, certain memory locations got corrupted and page tables were set incorrectly, which caused random crashes or system reboots without any error message. With this update, the UEFI top-level page table has been modified to reflect the PTI requirement. As a result, the described problems no longer occur. (BZ#1565700)
Previously, the result of the prepare_ioctl() function was dropped too early. As a consequence, the ioctl system call and persistent reservations were issued to a partition without checking permissions of the CAP_SYS_RAWIO capability. This update stores the prepare_ioctl() return value in a different variable. As a result, ioctl and persistent reservations issued to the partition are now checked for permissions properly. (BZ#1567746)
Previously, keys for the Advanced Encryption Standard in Galois Counter Mode (AES-GCM) encryption, that were bigger than 128 b, called the wrong handlers for encryption and decryption, in case that Intel AES New Instructions (Intel AES-NI) extension was enabled. As a consequence, any Internet Protocol Security (IPsec) setup using the described configuration failed to transmit data through the IPsec Tunnel Mode. This update verifies the key length and points to the correct handlers. As a result, data are successfully transmitted through the IPsec Tunnel Mode under the described conditions. (BZ#1570537)
Previously, boot IRQ mode did not restore successfully during reboot. As a consequence, the guest kernel printed a warning message when the kexec and kdump tools were loaded, and kdump became unresponsive during stress tests occasionally. This update ensures that IRQ mode restores correctly during reboot. As a result, the warning message does not appear and kdump no longer becomes unresponsive in the described scenario. (BZ#1563108)
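A simplified user-space model of the prepare_ioctl() fix described under BZ#1567746 above, added here as an illustration; it is not the kernel source and not part of the ticket. Everything except the names prepare_ioctl() and CAP_SYS_RAWIO is an assumption: the struct, the helper take_table_ref(), the -EPERM return value and the sample inputs.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model: only prepare_ioctl() and CAP_SYS_RAWIO are named on the page. */
struct target { bool is_partition; };
static const struct target PARTITION = { true }, WHOLE_DEVICE = { false }; /* constructed inputs */

/* <0: error, 0: request covers the whole device, >0: request covers only a
 * partition, so the caller must hold CAP_SYS_RAWIO. */
static int prepare_ioctl(const struct target *t) { return t->is_partition ? 1 : 0; }

/* Constructed later step that reuses the status variable; 0 means success. */
static int take_table_ref(void) { return 0; }

/* Before: r is overwritten before the "> 0" result is examined, so the
 * capability check below is dead code. */
int ioctl_before(const struct target *t, bool has_cap_sys_rawio)
{
    int r = prepare_ioctl(t);
    if (r < 0)
        return r;
    r = take_table_ref();              /* prepare_ioctl() result dropped here */
    if (r < 0)
        return r;
    if (r > 0 && !has_cap_sys_rawio)   /* never true: r is 0 at this point */
        return -EPERM;
    return 0;                          /* request forwarded to the device */
}

/* After: the prepare_ioctl() result lives in its own variable. */
int ioctl_after(const struct target *t, bool has_cap_sys_rawio)
{
    int need_rawio = prepare_ioctl(t);
    if (need_rawio < 0)
        return need_rawio;
    int r = take_table_ref();
    if (r < 0)
        return r;
    if (need_rawio > 0 && !has_cap_sys_rawio)
        return -EPERM;                 /* partition request without the capability */
    return 0;
}

int main(void)
{
    printf("before: %d, after: %d\n",
           ioctl_before(&PARTITION, false), ioctl_after(&PARTITION, false));
    return 0;
}
```

A regression test for this class of bug needs the unprivileged-partition case specifically, since the whole-device and privileged paths behave identically before and after the fix.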
A kernel update was already announced for RHEL 7.5, dated 5/8.
Kernel version in the update is 3.10.0-862.2.3
Since we haven't landed the el7.5 upgrade yet, we will probably just fold the update into it before landing.
Have attached the 2.10 version of the build patch for el7.5. It may be used by early adopters to build with until we have it officially landed on b2_10.
Bob Glossman (bob.glossman@intel.com) uploaded a new patch: https://review.whamcloud.com/31961
Subject: LU-10897 kernel: kernel upgrade RHEL7.5 [3.10.0-862.el7]
Project: fs/lustre-dev
Branch: pre_release_b2_10
Current Patch Set: 1
Commit: fe4344af6e85778ae239412aa2a3bcee9b1faed0
Bob Glossman (bob.glossman@intel.com) uploaded a new patch: https://review.whamcloud.com/31937
Subject: LU-10897 kernel: kernel upgrade RHEL7.5 [3.10.0-862.el7]
Project: fs/lustre-dev
Branch: pre_release_master
Current Patch Set: 1
Commit: 65fc1778dfb8c5de311cbb4c4262084e6d179aa1
Security Fix(es):
hw: cpu: speculative execution permission faults handling (CVE-2017-5754, Important, KVM for Power)
kernel: Buffer overflow in firewire driver via crafted incoming packets (CVE-2016-8633, Important)
kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824, Important)
Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register (CVE-2017-12154, Important)
kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166, Important)
kernel: media: use-after-free in [tuner-xc2028] media driver (CVE-2016-7913, Moderate)
kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl() (CVE-2017-7294, Moderate)
kernel: Incorrect type conversion for size during dma allocation (CVE-2017-9725, Moderate)
kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate)
kernel: vfs: BUG in truncate_inode_pages_range() and fuse client (CVE-2017-15121, Moderate)
kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c (CVE-2017-15126, Moderate)
kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate)
kernel: Use-after-free in snd_seq_ioctl_create_port() (CVE-2017-15265, Moderate)
kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, Moderate)
kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate)
kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow (CVE-2017-17558, Moderate)
kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017, Moderate)
kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service (CVE-2017-18203, Moderate)
kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ (CVE-2017-1000252, Moderate)
Kernel: KVM: DoS via write flood to I/O port 0x80 (CVE-2017-1000407, Moderate)
kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate)
kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass (CVE-2018-5750, Moderate)
kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate)
kernel: multiple Low security impact security issues (CVE-2016-3672, CVE-2017-14140, CVE-2017-15116, CVE-2017-15127, CVE-2018-6927, Low)
For detailed information on changes in this release, see RHEL 7.5 Release Notes
Fixes
BZ - 1132610 - nfsd does not release free space of a file created with dd oflag=direct where there was no space left on device even after manual deletion
BZ - 1324749 - CVE-2016-3672 kernel: unlimiting the stack disables ASLR
BZ - 1334439 - Unable to disable IPv6 DAD or Optimistic DAD for all interfaces
BZ - 1372079 - ixgbe nic is falsely advertising MII support
BZ - 1391490 - CVE-2016-8633 kernel: Buffer overflow in firewire driver via crafted incoming packets
BZ - 1402885 - CVE-2016-7913 kernel: media: use-after-free in [tuner-xc2028] media driver
BZ - 1436798 - CVE-2017-7294 kernel: drm/vmwgfx: fix integer overflow in vmw_surface_define_ioctl()
BZ - 1450205 - Gratuitous ARP updates received in span of 2-3 seconds time frame are all ignored
BZ - 1458032 - [Intel 7.5 Bug] KVMGT: Bogus PCI BAR emulation
BZ - 1460213 - cls_matchall: kernel panic when used with classful qdiscs
BZ - 1461282 - kernel: ICMP rate limiting is too aggressive on loopback
BZ - 1471875 - soft lockups during unmount when dentry cache is very large
BZ - 1488329 - CVE-2017-14140 kernel: Missing permission check in move_pages system call
BZ - 1489088 - CVE-2017-9725 kernel: Incorrect type conversion for size during dma allocation
BZ - 1489542 - Behavior change in autofs expiry timer when a path walk is done following commit from BZ 1413523
BZ - 1490673 - Kernel Panic always happen immediately whenever make "debug.panic_on_rcu_stall=1" set on RHEL7.4
BZ - 1490781 - CVE-2017-1000252 kernel: kvm: Reachable BUG() on out-of-bounds guest IRQ
BZ - 1491224 - CVE-2017-12154 Kernel: kvm: nVMX: L2 guest could access hardware(L0) CR8 register
BZ - 1493125 - [RFE] Kernel address space layout randomization [KASLR] qemu support (kernel)
BZ - 1495089 - CVE-2017-12190 kernel: memory leak when merging buffers in SCSI IO vectors
BZ - 1496836 - [RH 7.5 bug] Request for upstream commit 3664847d95e6 to be merged into RHEL 7.5/7.4
BZ - 1501878 - CVE-2017-15265 kernel: Use-after-free in snd_seq_ioctl_create_port()
BZ - 1502601 - [Hyper-V][RHEL7.4] hang when thaw on microsoft hyper-v
BZ - 1506382 - deadlock in nfs v4 client init
BZ - 1507025 - [ESXi][RHEL7.5]x86/vmware: Skip timer_irq_works() check on VMware
BZ - 1507026 - [ESXi][RHEL7.5]x86/vmware: Skip lapic calibration on VMware.
BZ - 1514609 - CVE-2017-15116 kernel: Null pointer dereference in rngapi_reset function
BZ - 1519160 - CVE-2017-1000410 kernel: Stack information leak in the EFS element
BZ - 1519591 - CVE-2017-8824 kernel: Use-after-free vulnerability in DCCP socket
BZ - 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling
BZ - 1520328 - CVE-2017-1000407 Kernel: KVM: DoS via write flood to I/O port 0x80
BZ - 1520893 - CVE-2017-15121 kernel: vfs: BUG in truncate_inode_pages_range() and fuse client
BZ - 1523481 - CVE-2017-15126 kernel: Use-after-free in userfaultfd_event_wait_completion function in userfaultfd.c
BZ - 1525218 - CVE-2017-15127 kernel: Improper error handling of VM_SHARED hugetlbfs mapping in mm/hugetlb.c
BZ - 1525474 - CVE-2017-17558 kernel: Unallocated memory access by malicious USB device via bNumInterfaces overflow
BZ - 1525762 - CVE-2017-17449 kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity
BZ - 1525768 - CVE-2017-17448 kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure
BZ - 1531135 - CVE-2017-18017 kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c
BZ - 1531174 - CVE-2017-15129 kernel: net: double-free and memory corruption in get_net_ns_by_id()
BZ - 1534272 - md: raid0 device creation prints blank line to journalctl
BZ - 1535315 - CVE-2018-1000004 kernel: Race condition in sound system can lead to denial of service
BZ - 1539706 - CVE-2018-5750 kernel: Kernel address information leak in drivers/acpi/sbshc.c:acpi_smbus_hc_add() function potentially allowing KASLR bypass
BZ - 1542013 - RHEL-7.5: Cannot set port mirroring onto two interface
BZ - 1544612 - CVE-2018-6927 kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact
BZ - 1548412 - CVE-2017-13166 kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation
BZ - 1550811 - CVE-2017-18203 kernel: Race condition in drivers/md/dm.c:dm_get_from_kobject() allows local users to cause a denial of service
CVEs
CVE-2016-3672
CVE-2016-7913
CVE-2016-8633
CVE-2017-7294
CVE-2017-8824
CVE-2017-9725
CVE-2017-12154
CVE-2017-12190
CVE-2017-13166
CVE-2017-14140
CVE-2017-15116
CVE-2017-15121
CVE-2017-15126
CVE-2017-15127
CVE-2017-15129
CVE-2017-15265
CVE-2017-17448
CVE-2017-17449
CVE-2017-17558
CVE-2017-18017
CVE-2017-18203
CVE-2017-1000252
CVE-2017-1000407
CVE-2017-1000410
CVE-2018-5750
CVE-2018-6927
CVE-2018-1000004
John L. Hammond (john.hammond@intel.com) merged in patch https://review.whamcloud.com/32371/
Subject: LU-10897 kernel: kernel upgrade RHEL7.5 [3.10.0-862.2.3.el7]
Project: fs/lustre-release
Branch: b2_10
Current Patch Set:
Commit: fd3c774ed8b0e97d9d30c8d8f36dab0b55b246b4