[LU-6335] kernel upgrade [RHEL7.1 3.10.0-229.el7]

Related — Wed, 12 Aug 2015 15:54:01 +0000

A flaw was found in the way the Linux kernel's XFS file system handled
replacing of remote attributes under certain conditions. A local user with
access to XFS file system mount could potentially use this flaw to escalate
their privileges on the system. (CVE-2015-0274, Important)

It was found that the Linux kernel's KVM implementation did not ensure
that the host CR4 control register value remained unchanged across VM
entries on the same virtual CPU. A local, unprivileged user could use this
flaw to cause denial of service on the system. (CVE-2014-3690, Moderate)

A flaw was found in the way Linux kernel's Transparent Huge Pages (THP)
implementation handled non-huge page migration. A local, unprivileged user
could use this flaw to crash the kernel by migrating transparent hugepages.
(CVE-2014-3940, Moderate)

An out-of-bounds memory access flaw was found in the syscall tracing
functionality of the Linux kernel's perf subsystem. A local, unprivileged
user could use this flaw to crash the system. (CVE-2014-7825, Moderate)

An out-of-bounds memory access flaw was found in the syscall tracing
functionality of the Linux kernel's ftrace subsystem. On a system with
ftrace syscall tracing enabled, a local, unprivileged user could use this
flaw to crash the system, or escalate their privileges. (CVE-2014-7826,
Moderate)

A race condition flaw was found in the Linux kernel's ext4 file system
implementation that allowed a local, unprivileged user to crash the system
by simultaneously writing to a file and toggling the O_DIRECT flag using
fcntl(F_SETFL) on that file. (CVE-2014-8086, Moderate)

A flaw was found in the way the Linux kernel's netfilter subsystem
handled generic protocol tracking. As demonstrated in the Stream Control
Transmission Protocol (SCTP) case, a remote attacker could use this flaw to
bypass intended iptables rule restrictions when the associated connection
tracking module was not loaded on the system. (CVE-2014-8160, Moderate)

It was found that due to excessive files_lock locking, a soft lockup
could be triggered in the Linux kernel when performing asynchronous I/O
operations. A local, unprivileged user could use this flaw to crash the
system. (CVE-2014-8172, Moderate)

A NULL pointer dereference flaw was found in the way the Linux kernel's
madvise MADV_WILLNEED functionality handled page table locking. A local,
unprivileged user could use this flaw to crash the system. (CVE-2014-8173,
Moderate)

An information leak flaw was found in the Linux kernel's IEEE 802.11
wireless networking implementation. When software encryption was used, a
remote attacker could use this flaw to leak up to 8 bytes of plaintext.
(CVE-2014-8709, Low)

A stack-based buffer overflow flaw was found in the TechnoTrend/Hauppauge
DEC USB device driver. A local user with write access to the corresponding
device could use this flaw to crash the kernel or, potentially, elevate
their privileges on the system. (CVE-2014-8884, Low)

Bugs fixed (https://bugzilla.redhat.com/):

1043379 - guest screen fail to return back to the originally screen after resume from S3(still black screen)
1050834 - lockdep warning in flush_work() when hotunplugging a virtio-scsi disk (scsi-block + iscsi://)
1058608 - [RFE] btrfs-progs: btrfs resize doesn't support T/P/E suffix
1065474 - Size of external origin needs to be aligned with thin pool chunk size
1067126 - Virt-manager doesn't configure bridge for VM
1068627 - implement lazy save/restore of debug registers
1071340 - FCoE target: kernel panic when initiator connects to target
1074747 - kvm unit test "realmode" fails
1078775 - During query cpuinfo during guest boot from ipxe repeatedly in AMD hosts, vm repeatedly reboot.
1079841 - kvm unit test "debug" fails
1080894 - dm-cache: crash on creating cache
1083860 - kernel panic when virtscsi_init fails
1083969 - libguestfs-test-tool hangs when the guest is boot with -cpu host
1086058 - fail to boot L2 guest on wildcatpass Haswell host
1088784 - qemu ' KVM internal error. Suberror: 1' when query cpu frequently during pxe boot in Intel "Q95xx" host
1091818 - Windows guest booting failed with apicv and hv_vapic
1095099 - RHEL7.0 guest hang during kdump with qxl shared irq
1098643 - sync with latest upstream dm-thin provisioning improvements and fixes (through 3.15)
1102641 - BUG: It is not possible to communicate between local program and local ipv6 address when at least one 'netlabelctl unlbl' rule is added
1104097 - CVE-2014-3940 Kernel: missing check during hugepage migration
1115201 - [xfs] can't create inodes in newly added space after xfs_growfs
1117542 - Support for movntdq
1119662 - BUG: NetLabel lead to kernel panic on some SELinux levels
1120850 - unable recover NFSv3 locks NLM_DENIED_NOLOCK
1124880 - [fuse] java.io.FileNotFoundException (FNF) during time period with unrecovered disk errors
1127218 - Include fix commit daba287b299ec7a ("ipv4: fix DO and PROBE pmtu mode regarding local fragmentation with UFO/CORK")
1131552 - Solarflare devices do not provide PCIe ACS support, limiting device assignment use case due to IOMMU grouping
1141399 - Device 'vfio-pci' could not be initialized when passing through Intel 82599
1151353 - CVE-2014-8086 Kernel: fs: ext4 race condition
1153322 - CVE-2014-3690 kernel: kvm: vmx: invalid host cr4 handling across vm entries
1161565 - CVE-2014-7825 CVE-2014-7826 kernel: insufficient syscall number validation in perf and ftrace subsystems
1164266 - CVE-2014-8884 kernel: usb: buffer overflow in ttusb-dec
1173580 - CVE-2014-8709 kernel: net: mac80211: plain text information leak
1182059 - CVE-2014-8160 kernel: iptables restriction bypass if a protocol handler kernel module not loaded
1198457 - CVE-2014-8173 kernel: NULL pointer dereference in madvise(MADV_WILLNEED) support
1198503 - CVE-2014-8172 kernel: soft lockup on aio
839966 - Trigger RHEL7 crash in guest domU, host don't generate core file
915335 - RFE: Multiple virtio-rng devices support
968147 - enable online multiple hot-added CPUs cause RHEL7.0 guest hang(soft lockup)

Whamcloud Community JIRA

[LU-6335] kernel upgrade [RHEL7.1 3.10.0-229.el7]