|
Security Fix:
- A flaw was found in the way certain interfaces of the Linux kernel's
Infiniband subsystem used write() as bi-directional ioctl() replacement, which
could lead to insufficient memory security checks when being invoked using the
the splice() system call. A local unprivileged user on a system with either
Infiniband hardware present or RDMA Userspace Connection Manager Access module
explicitly loaded, could use this flaw to escalate their privileges on the
system. (CVE-2016-4565, Important)
This update also fixes the following bugs:
- When providing some services and using the Integrated Services Digital Network
(ISDN), the system could terminate unexpectedly due to the call of the
tty_ldisc_flush() function. The provided patch removes this call and the system
no longer hangs in the described scenario. (BZ#1337443)
- An update to the Red Hat Enterprise Linux 6.8 kernel added calls of two
functions provided by the ipv6.ko kernel module, which added a dependency on
that module. On systems where ipv6.ko was prevented from being loaded, the
nfsd.ko and lockd.ko modules were unable to be loaded. Consequently, it was not
possible to run an NFS server or to mount NFS file systems as a client. The
underlying source code has been fixed by adding the symbol_get() function, which
determines if nfsd.ko and lock.ko are loaded into memory and calls them through
function pointers, not directly. As a result, the aforementioned kernel modules
are allowed to be loaded even if ipv6.ko is not, and the NFS mount works as
expected. (BZ#1341496)
- After upgrading the kernel, CPU load average increased compared to the prior
kernel version due to the modification of the scheduler. The provided patch set
reverts the calculation algorithm of this load average to the the previous
version thus resulting in relatively lower values under the same system load.
(BZ#1343015)
Bugs fixed (https://bugzilla.redhat.com/):
1310570 - CVE-2016-4565 kernel: infiniband: Unprivileged process can overwrite kernel memory using rdma_ucm.ko
|