[LU-9143] kernel update [RHEL7.3 3.10.0-514.6.2.el7] Created: 22/Feb/17  Updated: 11/Sep/18  Resolved: 11/Sep/18

Status: Resolved
Project: Lustre
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Minor
Reporter: Bob Glossman (Inactive) Assignee: Bob Glossman (Inactive)
Resolution: Fixed Votes: 0
Labels: None

Issue Links:
Related
is related to LU-9174 kernel update [RHEL7.3 3.10.0-514.10.... Resolved
Severity: 3
Rank (Obsolete): 9223372036854775807

 Description   

Security Fix(es):

  • A use-after-free flaw was found in the way the Linux kernel's Datagram
    Congestion Control Protocol (DCCP) implementation freed SKB (socket buffer)
    resources for a DCCP_PKT_REQUEST packet when the IPV6_RECVPKTINFO option is set
    on the socket. A local, unprivileged user could use this flaw to alter the
    kernel memory, allowing them to escalate their privileges on the system.
    (CVE-2017-6074, Important)

Bugs fixed (https://bugzilla.redhat.com/):

1423071 - CVE-2017-6074 kernel: use after free in dccp protocol



 Comments   
Comment by Gerrit Updater [ 23/Feb/17 ]

Bob Glossman (bob.glossman@intel.com) uploaded a new patch: https://review.whamcloud.com/25598
Subject: LU-9143 kernel: kernel update RHEL7.3 [3.10.0-514.6.2.el7]
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: a1a3dabb8147b79bb60c72100963e703393c12bb

Comment by Oleg Drokin [ 03/Mar/17 ]

This one is a serious bug on the clients that people would want fixed.
Luckily it's just the clients, but unfortunately we don't have EE3.0 supporting weak updates yet even with patchless clients, or do we?

Comment by Bob Glossman (Inactive) [ 06/Mar/17 ]

This ticket is obsolete. There's already a later kernel update; LU-9174. It can be landed instead.
