Whamcloud Community JIRA https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 [LU-6964] Kernel update for RHEL7.1 [3.10.0-229.11.1.el7] https://jira.whamcloud.com/browse/LU-6964 Lustre <ul> <li>An integer overflow flaw was found in the way the Linux kernel's<br/> netfilter connection tracking implementation loaded extensions. An attacker<br/> on a local network could potentially send a sequence of specially crafted<br/> packets that would initiate the loading of a large number of extensions,<br/> causing the targeted system in that network to crash. (CVE-2014-9715,<br/> Moderate)</li> </ul> <ul> <li>A stack-based buffer overflow flaw was found in the Linux kernel's early<br/> load microcode functionality. On a system with UEFI Secure Boot enabled, a<br/> local, privileged user could use this flaw to increase their privileges to<br/> the kernel (ring0) level, bypassing intended restrictions in place.<br/> (CVE-2015-2666, Moderate)</li> </ul> <ul> <li>It was found that the Linux kernel's ping socket implementation did not<br/> properly handle socket unhashing during spurious disconnects, which could<br/> lead to a use-after-free flaw. On x86-64 architecture systems, a local user<br/> able to create ping sockets could use this flaw to crash the system.<br/> On non-x86-64 architecture systems, a local user able to create ping<br/> sockets could use this flaw to escalate their privileges on the system.<br/> (CVE-2015-3636, Moderate)</li> </ul> <ul> <li>It was found that the Linux kernel's TCP/IP protocol suite implementation<br/> for IPv6 allowed the Hop Limit value to be set to a smaller value than the<br/> default one. An attacker on a local network could use this flaw to prevent<br/> systems on that network from sending or receiving network packets.<br/> (CVE-2015-2922, Low)</li> </ul> <p>Bugs fixed (<a href="https://bugzilla.redhat.com/):" class="external-link" target="_blank" rel="nofollow noopener">https://bugzilla.redhat.com/):</a></p> <p>1203712 - CVE-2015-2922 kernel: denial of service (DoS) attack against IPv6 network stacks due to improper handling of Router Advertisements.<br/> 1204722 - CVE-2015-2666 kernel: execution in the early microcode loader<br/> 1208684 - CVE-2014-9715 kernel: netfilter connection tracking extensions denial of service<br/> 1218074 - CVE-2015-3636 kernel: ping sockets: use-after-free leading to local privilege escalation</p> LU-6964 Kernel update for RHEL7.1 [3.10.0-229.11.1.el7] Bug Minor Resolved Fixed Bob Glossman Bob Glossman Wed, 5 Aug 2015 19:59:50 +0000 Tue, 11 Sep 2018 20:52:50 +0000 Tue, 11 Sep 2018 20:52:50 +0000 0 4 <p>Bob Glossman (bob.glossman@intel.com) uploaded a new patch: <a href="http://review.whamcloud.com/15873" class="external-link" target="_blank" rel="nofollow noopener">http://review.whamcloud.com/15873</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-6964" title="Kernel update for RHEL7.1 [3.10.0-229.11.1.el7]" class="issue-link" data-issue-key="LU-6964"><del>LU-6964</del></a> kernel: kernel update RHEL 7.1 <span class="error">&#91;3.10.0-229.11.1.el7&#93;</span><br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: 37abad0c177bafb45a7e8c662cff2373858a5b9e</p> Related Development Rank 1|hzxjwv: Rank (Obsolete) 9223372036854775807 Severity