Details
Bug
Resolution: Fixed
Minor
Description
Security Fix(es):
A race condition was found in the Linux kernel, present from v3.14-rc1 through v4.12. The race happens between threads of inotify_handle_event() and vfs_rename() while running the rename operation against the same file. As a result of the race, the next slab data or the slab's free list pointer can be corrupted with attacker-controlled data. (CVE-2017-7533, Important)
Bug Fix(es):
Previously, direct I/O read operations going past EOF returned an invalid error number, instead of reading 0 bytes and returning success, if these operations were in the same XFS block as EOF. Consequently, creating multiple VMs from a Red Hat Enterprise Linux 7.4 template caused all the VMs to become unresponsive in the 'Image Locked' state. This update fixes the direct I/O feature of the file system, and VMs created from a Red Hat Enterprise Linux 7.4 template now work as expected. (BZ#1475669)
Bugs fixed (https://bugzilla.redhat.com/):
BZ - 1468283 - CVE-2017-7533 kernel: a race between inotify_handle_event() and sys_rename()