Lustre / LU-8389

kernel update [RHEL6.8 2.6.32-642.3.1.el6]

Details

    • Bug
    • Resolution: Fixed
    • Minor
    • Lustre 2.9.0

    Description

      Security Fix:

      • A flaw was found in the way certain interfaces of the Linux kernel's
        Infiniband subsystem used write() as bi-directional ioctl() replacement, which
        could lead to insufficient memory security checks when being invoked using
        the splice() system call. A local unprivileged user on a system with either
        Infiniband hardware present or RDMA Userspace Connection Manager Access module
        explicitly loaded, could use this flaw to escalate their privileges on the
        system. (CVE-2016-4565, Important)

      This update also fixes the following bugs:

      • When providing some services and using the Integrated Services Digital Network
        (ISDN), the system could terminate unexpectedly due to the call of the
        tty_ldisc_flush() function. The provided patch removes this call and the system
        no longer hangs in the described scenario. (BZ#1337443)
      • An update to the Red Hat Enterprise Linux 6.8 kernel added calls of two
        functions provided by the ipv6.ko kernel module, which added a dependency on
        that module. On systems where ipv6.ko was prevented from being loaded, the
        nfsd.ko and lockd.ko modules were unable to be loaded. Consequently, it was not
        possible to run an NFS server or to mount NFS file systems as a client. The
        underlying source code has been fixed by adding the symbol_get() function, which
        determines if nfsd.ko and lockd.ko are loaded into memory and calls them through
        function pointers, not directly. As a result, the aforementioned kernel modules
        are allowed to be loaded even if ipv6.ko is not, and the NFS mount works as
        expected. (BZ#1341496)
      • After upgrading the kernel, CPU load average increased compared to the prior
        kernel version due to the modification of the scheduler. The provided patch set
        reverts the calculation algorithm of this load average to the previous
        version, thus resulting in relatively lower values under the same system load.
        (BZ#1343015)

      Bugs fixed (https://bugzilla.redhat.com/):

      1310570 - CVE-2016-4565 kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko
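
An exposure check for the CVE-2016-4565 condition described in the security fix above, as an added example that is not part of the ticket or the Red Hat advisory: it compares a RHEL 6 kernel release against the fixed 2.6.32-642.3.1.el6 build from the title and looks for loaded RDMA userspace modules. The function names, the result labels, and the ib_uverbs and ib_ucm module names are assumptions of this example; only rdma_ucm is named on the page.

```shell
#!/bin/sh
# Fixed RHEL 6.8 kernel build, taken from the ticket title.
FIXED="2.6.32-642.3.1.el6"

# "2.6.32-642.3.1.el6_lustre.x86_64" -> "2 6 32 642 3 1"
# (everything from ".el6" on, including a vendor suffix and arch, is dropped)
numeric_fields() {
    printf '%s\n' "$1" | sed -e 's/\.el6.*$//' -e 's/[.-]/ /g'
}

# Exit 0 if release $1 sorts before release $2; missing fields count as 0,
# so the GA build 2.6.32-642.el6 is older than 2.6.32-642.3.1.el6.
release_older_than() {
    awk -v a="$(numeric_fields "$1")" -v b="$(numeric_fields "$2")" 'BEGIN {
        n = split(a, x, " "); m = split(b, y, " ")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Print RDMA userspace-interface modules found in a /proc/modules style file.
# rdma_ucm comes from the advisory text; ib_uverbs and ib_ucm are assumed here.
rdma_modules_loaded() {
    awk '$1 == "rdma_ucm" || $1 == "ib_uverbs" || $1 == "ib_ucm" { print $1 }' \
        "${1:-/proc/modules}"
}

# $1 = kernel release (uname -r), $2 = modules file. Prints one result label.
assess() {
    case "$1" in
        *.el6*) ;;
        *) echo "not-applicable"; return 0 ;;   # not a RHEL 6 kernel build
    esac
    if ! release_older_than "$1" "$FIXED"; then
        echo "patched"
    elif [ -n "$(rdma_modules_loaded "$2")" ]; then
        echo "exposed"
    else
        echo "unpatched-no-rdma-module"
    fi
}

assess "$(uname -r)" /proc/modules
```

A result of unpatched-no-rdma-module still calls for the kernel update, since the advisory also counts systems with Infiniband hardware present, where the modules can be loaded later.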

          People

            bogl Bob Glossman (Inactive)