Uploaded image for project: 'Lustre'
  1. Lustre
  2. LU-9686

kernel update [RHEL7.3 3.10.0-514.21.2.el7]

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None
    • Severity:
      3
    • Rank (Obsolete):
      9223372036854775807

      Description

      Security Fix(es):

      • A flaw was found in the way memory was being allocated on the stack for user
        space binaries. If heap (or different memory region) and stack memory regions
        were adjacent to each other, an attacker could use this flaw to jump over the
        stack guard gap, cause controlled memory corruption on process stack or the
        adjacent memory region, and thus increase their privileges on the system. This
        is a kernel-side mitigation which increases the stack guard gap size from one
        page to 1 MiB to make successful exploitation of this issue more difficult.
        (CVE-2017-1000364, Important)

      Bugs fixed (https://bugzilla.redhat.com/):

      1461333 - CVE-2017-1000364 kernel: heap/stack gap jumping via unbounded stack allocations

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                bogl Bob Glossman (Inactive)
                Reporter:
                bogl Bob Glossman (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: