https://jira.whamcloud.com This file is an XML representation of an issue en-us 9.4.14 940014 05-12-2023 https://jira.whamcloud.com/browse/LU-9174 Lustre <p>Security Fix(es):</p> <ul> <li>Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM) support<br/> is vulnerable to a null pointer dereference flaw. It could occur on x86<br/> platform, when emulating an undefined instruction. An attacker could use this<br/> flaw to crash the host kernel resulting in DoS. (CVE-2016-8630, Important)</li> </ul> <ul> <li>A race condition issue leading to a use-after-free flaw was found in the way<br/> the raw packet sockets implementation in the Linux kernel networking subsystem<br/> handled synchronization while creating the TPACKET_V3 ring buffer. A local user<br/> able to open a raw packet socket (requires the CAP_NET_RAW capability) could use<br/> this flaw to elevate their privileges on the system. (CVE-2016-8655, Important)</li> </ul> <ul> <li>A flaw was discovered in the Linux kernel's implementation of VFIO. An<br/> attacker issuing an ioctl can create a situation where memory is corrupted and<br/> modify memory outside of the expected area. This may overwrite kernel memory and<br/> subvert kernel execution. (CVE-2016-9083, Important)</li> </ul> <ul> <li>The use of a kzalloc with an integer multiplication allowed an integer<br/> overflow condition to be reached in vfio_pci_intrs.c. This combined with<br/> CVE-2016-9083 may allow an attacker to craft an attack and use unallocated<br/> memory, potentially crashing the machine. (CVE-2016-9084, Moderate)</li> </ul> <p>To see the complete list of bug fixes and enhancements, refer to<br/> the following KnowledgeBase article: <a href="https://access.redhat.com/articles/2940041" class="external-link" target="_blank" rel="nofollow noopener">https://access.redhat.com/articles/2940041</a>.</p> <p>Bugs fixed (<a href="https://bugzilla.redhat.com/):" class="external-link" target="_blank" rel="nofollow noopener">https://bugzilla.redhat.com/):</a></p> <p>1389258 - CVE-2016-9083 kernel: State machine confusion bug in vfio driver leading to memory corruption<br/> 1389259 - CVE-2016-9084 kernel: Integer overflow when using kzalloc in vfio driver<br/> 1393350 - CVE-2016-8630 kernel: kvm: x86: NULL pointer dereference during instruction decode<br/> 1400019 - CVE-2016-8655 kernel: Race condition in packet_set_ring leads to use after free</p> LU-9174

kernel update [RHEL7.3 3.10.0-514.10.2.el7]

Bug Minor Resolved Fixed Bob Glossman Bob Glossman Thu, 2 Mar 2017 17:51:00 +0000 Wed, 12 Apr 2017 14:56:32 +0000 Tue, 14 Mar 2017 06:17:06 +0000 Lustre 2.10.0 0 2 <p>Bob Glossman (bob.glossman@intel.com) uploaded a new patch: <a href="https://review.whamcloud.com/25747" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/25747</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-9174" title="kernel update [RHEL7.3 3.10.0-514.10.2.el7]" class="issue-link" data-issue-key="LU-9174"><del>LU-9174</del></a> kernel: kernel update RHEL7.3 <span class="error">&#91;3.10.0-514.10.2.el7&#93;</span><br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: 1<br/> Commit: 7520fc56aba86e183ff8e107b7f9155773d2503e</p> <p>Oleg Drokin (oleg.drokin@intel.com) merged in patch <a href="https://review.whamcloud.com/25747/" class="external-link" target="_blank" rel="nofollow noopener">https://review.whamcloud.com/25747/</a><br/> Subject: <a href="https://jira.whamcloud.com/browse/LU-9174" title="kernel update [RHEL7.3 3.10.0-514.10.2.el7]" class="issue-link" data-issue-key="LU-9174"><del>LU-9174</del></a> kernel: kernel update RHEL7.3 <span class="error">&#91;3.10.0-514.10.2.el7&#93;</span><br/> Project: fs/lustre-release<br/> Branch: master<br/> Current Patch Set: <br/> Commit: f8ac16100986b32cbae7b13baf69a30ac598ae7e</p> <p>Landed for 2.10</p> Related LU-9143 LU-9323 Development Rank 1|hzz5nr: Rank (Obsolete) 9223372036854775807 Severity