====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: kernel-rt security, bug fix, and enhancement update
Advisory ID:       RHSA-2018:3096-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2018:3096
Issue date:        2018-10-30
CVE Names:         CVE-2015-8830 CVE-2016-4913 CVE-2017-0861 
                   CVE-2017-10661 CVE-2017-17805 CVE-2017-18208 
                   CVE-2017-18232 CVE-2017-18344 CVE-2018-1092 
                   CVE-2018-1094 CVE-2018-1118 CVE-2018-1120 
                   CVE-2018-1130 CVE-2018-5344 CVE-2018-5391 
                   CVE-2018-5803 CVE-2018-5848 CVE-2018-7740 
                   CVE-2018-7757 CVE-2018-8781 CVE-2018-10322 
                   CVE-2018-10878 CVE-2018-10879 CVE-2018-10881 
                   CVE-2018-10883 CVE-2018-10902 CVE-2018-10940 
                   CVE-2018-13405 CVE-2018-1000026 
====================================================================
1. Summary:

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux for Real Time (v. 7) - noarch, x86_64
Red Hat Enterprise Linux for Real Time for NFV (v. 7) - noarch, x86_64

3. Description:

The kernel-rt packages provide the Real Time Linux Kernel, which enables
fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

* A flaw named FragmentSmack was found in the way the Linux kernel handled
reassembly of fragmented IPv4 and IPv6 packets. A remote attacker could use
this flaw to trigger a time- and computation-expensive fragment reassembly
algorithm by sending specially crafted packets, which could lead to CPU
saturation and hence a denial of service on the system. (CVE-2018-5391)

* kernel: out-of-bounds access in the show_timer function in
kernel/time/posix-timers.c (CVE-2017-18344)

* kernel: Integer overflow in udl_fb_mmap() can allow attackers to execute
code in kernel space (CVE-2018-8781)

* kernel: MIDI driver race condition leads to a double-free
(CVE-2018-10902)

* kernel: Missing check in inode_init_owner() does not clear SGID bit on
non-directories for non-members (CVE-2018-13405)

* kernel: AIO write triggers integer overflow in some protocols
(CVE-2015-8830)

* kernel: Use-after-free in snd_pcm_info function in ALSA subsystem
potentially leads to privilege escalation (CVE-2017-0861)

* kernel: Handling of might_cancel queueing is not properly protected
against race (CVE-2017-10661)

* kernel: Salsa20 encryption algorithm does not correctly handle
zero-length inputs allowing local attackers to cause denial of service
(CVE-2017-17805)

* kernel: Infinite loop vulnerability in madvise_willneed() function
allows local denial of service (CVE-2017-18208)

* kernel: fuse-backed file mmap-ed onto process cmdline arguments causes
denial of service (CVE-2018-1120)

* kernel: a null pointer dereference in dccp_write_xmit() leads to a system
crash (CVE-2018-1130)

* kernel: drivers/block/loop.c mishandles lo_release serialization allowing
denial of service (CVE-2018-5344)

* kernel: Missing length check of payload in _sctp_make_chunk() function
allows denial of service (CVE-2018-5803)

* kernel: buffer overflow in
drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory
corruption (CVE-2018-5848)

* kernel: out-of-bound write in ext4_init_block_bitmap function with a
crafted ext4 image (CVE-2018-10878)

* kernel: Improper validation in bnx2x network card driver can allow for
denial of service attacks via crafted packet (CVE-2018-1000026)

* kernel: Information leak when handling NM entries containing NUL
(CVE-2016-4913)

* kernel: Mishandling mutex within libsas allowing local Denial of Service
(CVE-2017-18232)

* kernel: NULL pointer dereference in ext4_process_freed_data() when
mounting crafted ext4 image (CVE-2018-1092)

* kernel: NULL pointer dereference in ext4_xattr_inode_hash() causes crash
with crafted ext4 image (CVE-2018-1094)

* kernel: vhost: Information disclosure in vhost.c:vhost_new_msg()
(CVE-2018-1118)

* kernel: Denial of service in resv_map_release function in mm/hugetlb.c
(CVE-2018-7740)

* kernel: Memory leak in the sas_smp_get_phy_events function in
drivers/scsi/libsas/sas_expander.c (CVE-2018-7757)

* kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when
mounting crafted xfs image allowing denial of service (CVE-2018-10322)

* kernel: use-after-free detected in ext4_xattr_set_entry with a crafted
file (CVE-2018-10879)

* kernel: out-of-bound access in ext4_get_group_info() when mounting and
operating a crafted ext4 image (CVE-2018-10881)

* kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function
(CVE-2018-10883)

* kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c
(CVE-2018-10940)

Red Hat would like to thank Juha-Matti Tilli (Aalto University - Department
of Communications and Networking and Nokia Bell Labs) for reporting
CVE-2018-5391; Trend Micro Zero Day Initiative for reporting
CVE-2018-10902; Qualys Research Labs for reporting CVE-2018-1120; Evgenii
Shatokhin (Virtuozzo Team) for reporting CVE-2018-1130; and Wen Xu for
reporting CVE-2018-1092 and CVE-2018-1094.

4. Solution:

For more details about the security issue(s), including the impact, a CVSS
score, and other related information, refer to the CVE page(s) listed in
the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat
Enterprise Linux 7.6 Release Notes linked from the References section.

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1314275 - CVE-2015-8830 kernel: AIO write triggers integer overflow in some protocols
1337528 - CVE-2016-4913 kernel: Information leak when handling NM entries containing NUL
1481136 - CVE-2017-10661 kernel: Handling of might_cancel queueing is not properly protected against race
1510602 - locking: bring in upstream PREEMPT_RT rtlock patches to fix single-reader limitation
1512875 - WARNING: CPU: 7 PID: 1090 at drivers/target/target_core_transport.c:3009 __transport_check_aborted_status+0x153/0x190 [target_core_mod]
1528312 - CVE-2017-17805 kernel: Salsa20 encryption algorithm does not correctly handle zero-length inputs allowing local attackers to cause denial-of-service
1533909 - CVE-2018-5344 kernel: drivers/block/loop.c mishandles lo_release serialization allowing denial-of-service
1541846 - CVE-2018-1000026 kernel: Improper validation in bnx2x network card driver can allow for denial of service attacks via crafted packet
1551051 - CVE-2018-5803 kernel: Missing length check of payload in net/sctp/sm_make_chunk.c:_sctp_make_chunk() function allows denial of service
1551565 - CVE-2017-18208 kernel: Infinite loop vulnerability in mm/madvise.c:madvise_willneed() function allows local denial of service
1552867 - CVE-2018-7740 kernel: Denial of service in resv_map_release function in mm/hugetlb.c
1553351 - RT: update kernel-rt source tree to match RHEL 7.6 tree
1553361 - CVE-2018-7757 kernel: Memory leak in the sas_smp_get_phy_events function in drivers/scsi/libsas/sas_expander.c
1558066 - CVE-2017-18232 kernel: Mishandling mutex within libsas allowing local Denial of Service
1560777 - CVE-2018-1092 kernel: NULL pointer dereference in ext4/mballoc.c:ext4_process_freed_data() when mounting crafted ext4 image
1560788 - CVE-2018-1094 kernel: NULL pointer dereference in ext4/xattr.c:ext4_xattr_inode_hash() causes crash with crafted ext4 image
1563994 - CVE-2017-0861 kernel: Use-after-free in snd_pcm_info function in ALSA subsystem potentially leads to privilege escalation
1569910 - Call Trace shows in guest when running determine_maximum_mpps.sh
1571062 - CVE-2018-8781 kernel: Integer overflow in drivers/gpu/drm/udl/udl_fb.c:udl_fb_mmap() can allow attackers to execute code in kernel space
1571623 - CVE-2018-10322 kernel: Invalid pointer dereference in xfs_ilock_attr_map_shared() when mounting crafted xfs image allowing denial of service
1573699 - CVE-2018-1118 kernel: vhost: Information disclosure in vhost/vhost.c:vhost_new_msg()
1575472 - CVE-2018-1120 kernel: fuse-backed file mmap-ed onto process cmdline arguments causes denial of service
1576419 - CVE-2018-1130 kernel: a null pointer dereference in net/dccp/output.c:dccp_write_xmit() leads to a system crash
1577408 - CVE-2018-10940 kernel: incorrect memory bounds check in drivers/cdrom/cdrom.c
1590720 - CVE-2018-10902 kernel: MIDI driver race condition leads to a double-free
1590799 - CVE-2018-5848 kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption
1596802 - CVE-2018-10878 kernel: out-of-bound write in ext4_init_block_bitmap function with a crafted ext4 image
1596806 - CVE-2018-10879 kernel: use-after-free detected in ext4_xattr_set_entry with a crafted file
1596828 - CVE-2018-10881 kernel: out-of-bound access in ext4_get_group_info() when mounting and operating a crafted ext4 image
1596846 - CVE-2018-10883 kernel: stack-out-of-bounds write in jbd2_journal_dirty_metadata function
1599161 - CVE-2018-13405 kernel: Missing check in fs/inode.c:inode_init_owner() does not clear SGID bit on non-directories for non-members
1608672 - RT system hang due to wrong of rq's nr_running
1609664 - CVE-2018-5391 kernel: IP fragments with random offsets allow a remote denial of service (FragmentSmack)
1610958 - CVE-2017-18344 kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c

6. Package List:

Red Hat Enterprise Linux for Real Time for NFV (v. 7):

Source:
kernel-rt-3.10.0-957.rt56.910.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-957.rt56.910.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-debug-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-debug-debuginfo-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-debug-kvm-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-debug-kvm-debuginfo-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-debuginfo-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-debuginfo-common-x86_64-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-devel-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-kvm-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-kvm-debuginfo-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-trace-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-trace-debuginfo-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-trace-kvm-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-trace-kvm-debuginfo-3.10.0-957.rt56.910.el7.x86_64.rpm

Red Hat Enterprise Linux for Real Time (v. 7):

Source:
kernel-rt-3.10.0-957.rt56.910.el7.src.rpm

noarch:
kernel-rt-doc-3.10.0-957.rt56.910.el7.noarch.rpm

x86_64:
kernel-rt-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-debug-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-debug-devel-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-devel-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-trace-3.10.0-957.rt56.910.el7.x86_64.rpm
kernel-rt-trace-devel-3.10.0-957.rt56.910.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2015-8830
https://access.redhat.com/security/cve/CVE-2016-4913
https://access.redhat.com/security/cve/CVE-2017-0861
https://access.redhat.com/security/cve/CVE-2017-10661
https://access.redhat.com/security/cve/CVE-2017-17805
https://access.redhat.com/security/cve/CVE-2017-18208
https://access.redhat.com/security/cve/CVE-2017-18232
https://access.redhat.com/security/cve/CVE-2017-18344
https://access.redhat.com/security/cve/CVE-2018-1092
https://access.redhat.com/security/cve/CVE-2018-1094
https://access.redhat.com/security/cve/CVE-2018-1118
https://access.redhat.com/security/cve/CVE-2018-1120
https://access.redhat.com/security/cve/CVE-2018-1130
https://access.redhat.com/security/cve/CVE-2018-5344
https://access.redhat.com/security/cve/CVE-2018-5391
https://access.redhat.com/security/cve/CVE-2018-5803
https://access.redhat.com/security/cve/CVE-2018-5848
https://access.redhat.com/security/cve/CVE-2018-7740
https://access.redhat.com/security/cve/CVE-2018-7757
https://access.redhat.com/security/cve/CVE-2018-8781
https://access.redhat.com/security/cve/CVE-2018-10322
https://access.redhat.com/security/cve/CVE-2018-10878
https://access.redhat.com/security/cve/CVE-2018-10879
https://access.redhat.com/security/cve/CVE-2018-10881
https://access.redhat.com/security/cve/CVE-2018-10883
https://access.redhat.com/security/cve/CVE-2018-10902
https://access.redhat.com/security/cve/CVE-2018-10940
https://access.redhat.com/security/cve/CVE-2018-13405
https://access.redhat.com/security/cve/CVE-2018-1000026
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/articles/3553061
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.6_Release_Notes/index.html

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2018 Red Hat, Inc.

