- Issued:
- 2016-08-02
- Updated:
- 2016-08-02
RHSA-2016:1541 - Security Advisory
Synopsis
Important: kernel-rt security and bug fix update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for kernel-rt is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.
- A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)
- The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. (CVE-2015-8660, Moderate)
Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).
The kernel-rt packages have been upgraded to the kernel-3.10.0-327.28.2.el7 source tree, which provides a number of bug fixes over the previous version. (BZ#1350307)
This update also fixes the following bugs:
- Previously, use of the get/put_cpu_var() function in function refill_stock() from the memcontrol cgroup code lead to a "scheduling while atomic" warning. With this update, refill_stock() uses the get/put_cpu_light() function instead, and the warnings no longer appear. (BZ#1347171)
- Prior to this update, if a real time task pinned to a given CPU was taking 100% of the CPU time, then calls to the lru_add_drain_all() function on other CPUs blocked for an undetermined amount of time. This caused latencies and undesired side effects. With this update, lru_add_drain_all() has been changed to drain the LRU pagevecs of remote CPUs. (BZ#1348523)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
The system must be rebooted for this update to take effect.
Affected Products
- Red Hat Enterprise Linux for Real Time 7 x86_64
- Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
Fixes
- BZ - 1291329 - CVE-2015-8660 kernel: Permission bypass on overlayfs during copy_up
- BZ - 1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
- BZ - 1350307 - kernel-rt: update to the RHEL7.2.z batch#6 source tree
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for Real Time 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.src.rpm | SHA-256: 7a8cfe92e622152111e44bc96ae564890a4b494dfebbda9d4146fcd3cbf358bb |
| x86_64 | |
| kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 30bebe269f413f6c5f037ff70f41b95713664dc6605676bb09967eb07f3e6b57 |
| kernel-rt-debug-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 63c8360894b52efd649ba0c29460aee2778335c5f6ba32624c3d68c9baa7d064 |
| kernel-rt-debug-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 45b73cd5e0b040e8541a7dac5bf207ce1cb4ffe91e9bff96670492a3185ffe9c |
| kernel-rt-debug-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 51c05c80d1d25c8d2c7b7b8889ce813861da6cd5333b22ee7709caa51f404ecb |
| kernel-rt-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 4aed0168cc459897cbc0d38ba8f795c7bd70df7240e9bf13a86fbb627b457422 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 979184fc318c75acd9f47f522d9325531289507050ddad611a0a9ee804cccd6d |
| kernel-rt-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: ad9098751004b8a1f5588428587d5adc7855bc9146a57654059a91eb26c4114e |
| kernel-rt-doc-3.10.0-327.28.2.rt56.234.el7_2.noarch.rpm | SHA-256: 22c7fccf8db4ccdf7054816cb26138bed1a3ea8ede463e0705fd1973a4ab697a |
| kernel-rt-trace-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 28be3b0ef3ccb50b02b5933e84c54420616972c1d08903307ef199c6fe96eb10 |
| kernel-rt-trace-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: c580efa485c2edd26c3ac84ca73765b52e44bd2b2666bcd17b739abffc2e64b0 |
| kernel-rt-trace-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: c09faca54b9974533d5b726e0db5f9d0d885fd683cc969fbb8438c27e12907ba |
Red Hat Enterprise Linux for Real Time for NFV 7
| SRPM | |
|---|---|
| kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.src.rpm | SHA-256: 7a8cfe92e622152111e44bc96ae564890a4b494dfebbda9d4146fcd3cbf358bb |
| x86_64 | |
| kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 30bebe269f413f6c5f037ff70f41b95713664dc6605676bb09967eb07f3e6b57 |
| kernel-rt-debug-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 63c8360894b52efd649ba0c29460aee2778335c5f6ba32624c3d68c9baa7d064 |
| kernel-rt-debug-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 45b73cd5e0b040e8541a7dac5bf207ce1cb4ffe91e9bff96670492a3185ffe9c |
| kernel-rt-debug-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 51c05c80d1d25c8d2c7b7b8889ce813861da6cd5333b22ee7709caa51f404ecb |
| kernel-rt-debug-kvm-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 4e5f79d98e1498fa5f4d3f9f00c95335cb8e5ac59805387ca2723be78f93ba33 |
| kernel-rt-debug-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: b4b8d1a2faa2a89bc726bc536e1e7e5471b9ff39b8386da9b36ede11d4aa19b2 |
| kernel-rt-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 4aed0168cc459897cbc0d38ba8f795c7bd70df7240e9bf13a86fbb627b457422 |
| kernel-rt-debuginfo-common-x86_64-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 979184fc318c75acd9f47f522d9325531289507050ddad611a0a9ee804cccd6d |
| kernel-rt-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: ad9098751004b8a1f5588428587d5adc7855bc9146a57654059a91eb26c4114e |
| kernel-rt-doc-3.10.0-327.28.2.rt56.234.el7_2.noarch.rpm | SHA-256: 22c7fccf8db4ccdf7054816cb26138bed1a3ea8ede463e0705fd1973a4ab697a |
| kernel-rt-kvm-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 9be7113d95b0899c25a21aeba9f15098739c485cb967f90c1c44368f06a44ce9 |
| kernel-rt-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 417076ba546af92fab2867b917f9d02548d294df8f6dbcf8b1d4ea0042285ffb |
| kernel-rt-trace-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: 28be3b0ef3ccb50b02b5933e84c54420616972c1d08903307ef199c6fe96eb10 |
| kernel-rt-trace-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: c580efa485c2edd26c3ac84ca73765b52e44bd2b2666bcd17b739abffc2e64b0 |
| kernel-rt-trace-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: c09faca54b9974533d5b726e0db5f9d0d885fd683cc969fbb8438c27e12907ba |
| kernel-rt-trace-kvm-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: b19b63688bdfd0235da9ce80bfbe3f9465f7b530c1c16d9e5f4e70382e30aeda |
| kernel-rt-trace-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm | SHA-256: bffc32cc3f8f1a8ed8081233040eb8a3e7719822519d5bd9a2a79318355e12ae |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.