Issued:
2016-08-02
Updated:
2016-08-02

RHSA-2016:1541 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

  • A flaw was found in the Linux kernel's keyring handling code, where in key_reject_and_link() an uninitialised variable would eventually lead to arbitrary free address which could allow attacker to use a use-after-free style attack. (CVE-2016-4470, Important)
  • The ovl_setattr function in fs/overlayfs/inode.c in the Linux kernel through 4.3.3 attempts to merge distinct setattr operations, which allows local users to bypass intended access restrictions and modify the attributes of arbitrary overlay files via a crafted application. (CVE-2015-8660, Moderate)

Red Hat would like to thank Nathan Williams for reporting CVE-2015-8660. The CVE-2016-4470 issue was discovered by David Howells (Red Hat Inc.).

The kernel-rt packages have been upgraded to the kernel-3.10.0-327.28.2.el7 source tree, which provides a number of bug fixes over the previous version. (BZ#1350307)

This update also fixes the following bugs:

  • Previously, use of the get/put_cpu_var() function in function refill_stock() from the memcontrol cgroup code lead to a "scheduling while atomic" warning. With this update, refill_stock() uses the get/put_cpu_light() function instead, and the warnings no longer appear. (BZ#1347171)
  • Prior to this update, if a real time task pinned to a given CPU was taking 100% of the CPU time, then calls to the lru_add_drain_all() function on other CPUs blocked for an undetermined amount of time. This caused latencies and undesired side effects. With this update, lru_add_drain_all() has been changed to drain the LRU pagevecs of remote CPUs. (BZ#1348523)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 1291329 - CVE-2015-8660 kernel: Permission bypass on overlayfs during copy_up
  • BZ - 1341716 - CVE-2016-4470 kernel: Uninitialized variable in request_key handling causes kernel crash in error handling path
  • BZ - 1350307 - kernel-rt: update to the RHEL7.2.z batch#6 source tree

CVEs

References

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.src.rpm SHA-256: 7a8cfe92e622152111e44bc96ae564890a4b494dfebbda9d4146fcd3cbf358bb
x86_64
kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 30bebe269f413f6c5f037ff70f41b95713664dc6605676bb09967eb07f3e6b57
kernel-rt-debug-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 63c8360894b52efd649ba0c29460aee2778335c5f6ba32624c3d68c9baa7d064
kernel-rt-debug-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 45b73cd5e0b040e8541a7dac5bf207ce1cb4ffe91e9bff96670492a3185ffe9c
kernel-rt-debug-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 51c05c80d1d25c8d2c7b7b8889ce813861da6cd5333b22ee7709caa51f404ecb
kernel-rt-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 4aed0168cc459897cbc0d38ba8f795c7bd70df7240e9bf13a86fbb627b457422
kernel-rt-debuginfo-common-x86_64-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 979184fc318c75acd9f47f522d9325531289507050ddad611a0a9ee804cccd6d
kernel-rt-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: ad9098751004b8a1f5588428587d5adc7855bc9146a57654059a91eb26c4114e
kernel-rt-doc-3.10.0-327.28.2.rt56.234.el7_2.noarch.rpm SHA-256: 22c7fccf8db4ccdf7054816cb26138bed1a3ea8ede463e0705fd1973a4ab697a
kernel-rt-trace-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 28be3b0ef3ccb50b02b5933e84c54420616972c1d08903307ef199c6fe96eb10
kernel-rt-trace-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: c580efa485c2edd26c3ac84ca73765b52e44bd2b2666bcd17b739abffc2e64b0
kernel-rt-trace-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: c09faca54b9974533d5b726e0db5f9d0d885fd683cc969fbb8438c27e12907ba

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.src.rpm SHA-256: 7a8cfe92e622152111e44bc96ae564890a4b494dfebbda9d4146fcd3cbf358bb
x86_64
kernel-rt-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 30bebe269f413f6c5f037ff70f41b95713664dc6605676bb09967eb07f3e6b57
kernel-rt-debug-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 63c8360894b52efd649ba0c29460aee2778335c5f6ba32624c3d68c9baa7d064
kernel-rt-debug-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 45b73cd5e0b040e8541a7dac5bf207ce1cb4ffe91e9bff96670492a3185ffe9c
kernel-rt-debug-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 51c05c80d1d25c8d2c7b7b8889ce813861da6cd5333b22ee7709caa51f404ecb
kernel-rt-debug-kvm-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 4e5f79d98e1498fa5f4d3f9f00c95335cb8e5ac59805387ca2723be78f93ba33
kernel-rt-debug-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: b4b8d1a2faa2a89bc726bc536e1e7e5471b9ff39b8386da9b36ede11d4aa19b2
kernel-rt-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 4aed0168cc459897cbc0d38ba8f795c7bd70df7240e9bf13a86fbb627b457422
kernel-rt-debuginfo-common-x86_64-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 979184fc318c75acd9f47f522d9325531289507050ddad611a0a9ee804cccd6d
kernel-rt-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: ad9098751004b8a1f5588428587d5adc7855bc9146a57654059a91eb26c4114e
kernel-rt-doc-3.10.0-327.28.2.rt56.234.el7_2.noarch.rpm SHA-256: 22c7fccf8db4ccdf7054816cb26138bed1a3ea8ede463e0705fd1973a4ab697a
kernel-rt-kvm-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 9be7113d95b0899c25a21aeba9f15098739c485cb967f90c1c44368f06a44ce9
kernel-rt-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 417076ba546af92fab2867b917f9d02548d294df8f6dbcf8b1d4ea0042285ffb
kernel-rt-trace-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: 28be3b0ef3ccb50b02b5933e84c54420616972c1d08903307ef199c6fe96eb10
kernel-rt-trace-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: c580efa485c2edd26c3ac84ca73765b52e44bd2b2666bcd17b739abffc2e64b0
kernel-rt-trace-devel-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: c09faca54b9974533d5b726e0db5f9d0d885fd683cc969fbb8438c27e12907ba
kernel-rt-trace-kvm-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: b19b63688bdfd0235da9ce80bfbe3f9465f7b530c1c16d9e5f4e70382e30aeda
kernel-rt-trace-kvm-debuginfo-3.10.0-327.28.2.rt56.234.el7_2.x86_64.rpm SHA-256: bffc32cc3f8f1a8ed8081233040eb8a3e7719822519d5bd9a2a79318355e12ae

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.