B.38.2. RHSA-2011:0007 — Important: kernel security and bug fix update
/dev/ecryptfshas world writable permissions (which it does not, by default, on Red Hat Enterprise Linux 6), a local, unprivileged user could use this flaw to cause a denial of service or possibly escalate their privileges. (CVE-2010-2492, Important)
RDSprotocol implementation could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-3865, Important)
L2TPsockets implementation could allow a local, unprivileged user to cause a denial of service or escalate their privileges. (CVE-2010-4160, Important)
igbdriver. If both Single Root I/O Virtualization (SR-IOV) and promiscuous mode were enabled on an interface using
igb, it could result in a denial of service when a tagged VLAN packet is received on that interface. (CVE-2010-4263, Important)
XFSfile system implementation, and in the network traffic policing implementation, could allow a local, unprivileged user to cause an information leak. (CVE-2010-3078, CVE-2010-3477, Moderate)
/dev/sequencerto cause a denial of service.
/dev/sequenceris only accessible to root and users in the audio group by default. (CVE-2010-3080, Moderate)
bcm_connect()in the Controller Area Network (CAN) Broadcast Manager. On 64-bit systems, writing the socket address may overflow the
procnamecharacter array. (CVE-2010-3874, Moderate)
INETtransport protocols could allow a local, unprivileged user to cause a denial of service. (CVE-2010-3880, Moderate)
HCI UARTdriver could allow a local, unprivileged user to cause a denial of service. (CVE-2010-4242, Moderate)
AF_UNIXsockets could allow a local, unprivileged user to trigger a denial of service. (CVE-2010-4249, Moderate)
/dev/kvmto cause an information leak. (CVE-2010-4525, Low)
- When building kernel modules against the full Red Hat Enterprise Linux 6 source tree (instead of just kernel-devel), modules would be signed by a locally generated key. However, Red Hat Enterprise Linux 6 refused to load modules created in this way as it did not recognize the key. This update disables module signing while building out-of-tree modules, thus, in the aforementioned case, kernel module loading works as expected.
- With this update, the upper limit of the
log_mtts_per_segvariable was increased from five to seven, increasing the amount of memory that can be registered. As a result, the Mellanox driver (mlx4) can now use up to 64 GB of physical memory for RDMA (remote direct memory access). This provides better scalability for example when using the Mellanox adapter in NFS/RDMA, or on machines with a lot of physical memory.
- Due to a mix-up between
NFSv4client could get a
WRITElock on a file that another
NFSv4client already had a
READlock on. As a result, data could be corrupted. With this update,
O_flags are properly handled and getting a
WRITElock fails in the aforementioned case.
- Booting Red Hat Enterprise Linux 6 debug kernel on a system with the Dell PowerEdge RAID Controller H700 adapter caused the
megaraid_sasdriver to reset the controller multiple times leading to a faulty controller state. On rebooting the system, the faulty controller state could cause the firmware to detect an incorrect memory condition. This could be especially confusing since the message could be a faulty DIMM (Dual In-line Memory Module) condition prompting the administrator to replace the DIMMs. This occurred due to a leak in the
mfi_sgldma'ed frame when the firmware supported IEEE frames. The
mfi_sglwould draw memory from the slab cache and any use of freed memory would result in incorrect pages being read in the ISR (Interrupt Service Routine). This caused the controller resets and the ensuing DIMM error condition. This update fixes the leak in
mfi_sglwhen the firmware supports IEEE frames. Faulty controller states and faulty DIMM conditions no longer occur.
- Running VDSM and performing an
lvextendoperation during an intensive Virtual Guest power up caused this operation to fail. Since
lvextendwas blocked, all components became non-responsive:
lvscommands froze the session, Virtual Guests became Paused or Not Responding. This was caused due to a faulty use of a lock. With this update, performing an
lvextendoperation works as expected.
- Due to a faulty memory allocator, on Non-Uniform Memory Architecture (NUMA) platforms, an OOM (Out Of Memory) condition would occur when a user changed a cpuset's
/etc/dev/memsfile (list of memory nodes in that cpuset) even though the specified node had enough free memory. With this update, the memory allocator no longer causes an OOM condition when a node has enough free memory.
- When using a VIRT-IO (Virtual Input/Output) NIC (Network Interface Controller), its state was reported as unknown instead of its real state (up or down). This was due to the fact that the device could not report the state status. With this update, when a device is not capable of reporting the current state, it is assumed the state is up or the state is read from the config file.
- A previously released patch fixed the external module compiling when using the full source tree, however, it was discovered it resulted in breaking the build in the kernel-devel only case. With this update, the patch has been fixed to avoid any external module compiling errors.
- Running certain workload tests on a NUMA (Non-Uniform Memory Architecture) system could cause kernel panic at
mm/migrate.c:113. This was due to a false positive BUG_ON. With this update, the false positive BUG_ON has been removed.
- Updated partner qualification injecting target faults uncovered a flaw where the Emulex
lpfcdriver would incorrectly panic due to a null
pnodedereference. This update addresses the issue and was tested successfully under the same test conditions without the panic occurring.
- Updated partner qualification injecting controller faults uncovered a flaw where the Emulex
lpfcdriver panicked during error handling. With this update, kernel panic no longer occurs.
- Updated partner qualification injecting controller faults uncovered a flaw where Fibre Channel ports would go offline while testing with Emulex LPFC controllers due to a faulty LPFC heartbeat functionality. This update changes the default behavior of the LPFC heartbeat to
- When configuring an SIT (Simple Internet Transition) tunnel while a remote address is configured, kernel panic occurred, caused by an execution of a
header_opspointer in the
neigh_update_hhs()function. With this update, a check is introduced that makes sure the
header_opspointer is not of the value
NULL, thus, kernel panic no longer occurs.