Details
-
Bug
-
Resolution: Fixed
-
Minor
-
None
-
None
-
3
-
9223372036854775807
Description
Security Fix(es):
hw: cpu: speculative execution permission faults handling (CVE-2017-5754)
Kernel: error in exception handling leads to DoS (CVE-2018-8897)
kernel: nfsd: Incorrect handling of long RPC replies (CVE-2017-7645)
kernel: Use-after-free vulnerability in DCCP socket (CVE-2017-8824)
kernel: v4l2: disabled memory access protection mechanism allowing privilege escalation (CVE-2017-13166)
kernel: netfilter: use-after-free in tcpmss_mangle_packet function in net/netfilter/xt_TCPMSS.c (CVE-2017-18017)
kernel: Stack information leak in the EFS element (CVE-2017-1000410)
Bug Fixes:
If an application opened multiple streams to the same destination IP and port, the xmit_hash_policy bonding parameter based on the layer 3+4 addressing always hashed all these streams to the same interface. Consequently, all outbound connections used an even-ephemeral port. This update fixes the bonding driver to discard the lowest hash bit for 802.3ad layer 3+4. As a result, ephemeral port selection is now a random mix of odd and even port numbers, and network traffic is balanced between the slaves. (BZ#1550103)
Prior to this update, a rounding error resulted in incorrect page table directory (PGD) synchronization, resulting in missing memory mappings for hot-plugged memory. As a consequence, memory hot-plug events on virtual machines crossign 0.5 TiB boundaries resulted in a system crash. This update introduces a fix to the rounding of the boundary calculation and ensures that PGDs are correctly synchronized, no mappings are missing, and systems remain stable after hot-plugging new memory. (BZ#1551471)
Previously, when a virtio Network Interface Card (NIC) received a short frame from the guest, the virtio interface stopped transmitting any Ethernet packets. As a consequence, packets transmitted by the guest never appeared on the hypervisor virtual network (vnet) device. With this update, packets smaller than the usual size are dropped, and the virtio interface transmits packets correctly. (BZ#1557896)
A patch that fixed a crash in "clear_inode()" was previously added to the RHEL6 kernel. However, this patch introduced a side-effect where it was possible for an infinite loop and soft lockup to occur while using the "drop_caches()" interface to reclaim memory and if all page entries found by "find_get_pages()" were all swap entries. This update provides a fix to both the inifinite loop and the soft lockup. (BZ#1565989)
Prior to this update, missing checks in the bnx2x driver in code paths that implement the Precision Time Protocol (PTP) could cause a kernel crash if a PTP device was accessed while the bnx2x network interface associated with it was down. This update adds checks which cause the bnx2x driver to return an error code if the interface is down, and attempts to access a PTP device when its bnx2x interface is down now produces an error instead of causing a kernel crash. (BZ#1538586)
A bug caused by incorrect control register handling could previously cause user processes to crash on instructions related to transactional execution such as "TBEGIN". This update implements correct control register handling for transactional execution, and user processes no longer crash when running instructions related to it. (BZ#1538591)
Previously, the runqueue on systems with overcommitted CPUs was prone to ignoring clock updates. As a consequence, the runqueue was limited, which prevented critical tasks and their dependent tasks from running. This update ensures that the runqueue does not ignore the clock updates. As a result, the critical tasks and their dependant tasks are able to run in such situations. (BZ#1551475)
The kernel build requirements have been updated to the GNU Compiler Collection (GCC) compiler version that has the support for Retpolines. The Retpolines mechanism is a software construct that leverages specific knowledge of the underlying hardware to mitigate the branch target injection, also known as Spectre variant 2 vulnerability described in CVE-2017-5715. (BZ#1554252)
Previously, a missing check caused the kernel to process more than 16 Storage Block Address List (SBAL) elements. When this happened, running user programs using AF_IUCV sockets with HiperSockets transport could cause the kernel to crash. This update adds a check to ensure that no more than 16 SBAL elements are processed, and the kernel crash no longer happens. (BZ#1557477)