Issued:
2017-05-25
Updated:
2017-05-25

RHSA-2017:1298 - Security Advisory

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • It was found that the packet_set_ring() function of the Linux kernel's networking implementation did not properly validate certain block-size data. A local attacker with CAP_NET_RAW capability could use this flaw to trigger a buffer overflow, resulting in the crash of the system. Due to the nature of the flaw, privilege escalation cannot be fully ruled out. (CVE-2017-7308, Important)
  • Mounting a crafted EXT4 image read-only leads to an attacker controlled memory corruption and SLAB-Out-of-Bounds reads. (CVE-2016-10208, Moderate)
  • A flaw was found in the Linux kernel's implementation of seq_file where a local attacker could manipulate memory in the put() function pointer. This could lead to memory corruption and possible privileged escalation. (CVE-2016-7910, Moderate)
  • A vulnerability was found in the Linux kernel. An unprivileged local user could trigger oops in shash_async_export() by attempting to force the in-kernel hashing algorithms into decrypting an empty data set. (CVE-2016-8646, Moderate)

Red Hat would like to thank Igor Redko (Virtuozzo kernel team) for reporting CVE-2016-8646.

Bug Fix(es):

  • The kernel-rt packages have been upgraded to the 3.10.0-514.21.1 source tree, which provides a number of bug fixes over the previous version. (BZ#1440803)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64

Fixes

  • BZ - 1388821 - CVE-2016-8646 kernel: Oops in shash_async_export()
  • BZ - 1395190 - CVE-2016-10208 kernel: EXT4 memory corruption / SLAB out-of-bounds read
  • BZ - 1399727 - CVE-2016-7910 kernel: Use after free in seq file
  • BZ - 1437404 - CVE-2017-7308 kernel: net/packet: overflow in check for priv area size
  • BZ - 1440803 - kernel-rt: update to the RHEL7.3.z batch#5 source tree [rhel-7.3.z]

CVEs

References

Red Hat Enterprise Linux for Real Time 7

SRPM
kernel-rt-3.10.0-514.21.1.rt56.438.el7.src.rpm SHA-256: bbf19c65c50cb071a6f8bd7d2095c45b58c462c313336aa6ed79bae36043ab13
x86_64
kernel-rt-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 6bc752be56c016f700d08d8215944da9893508a5d1c2e12b28983cfabf81e109
kernel-rt-debug-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 4ea1f899773f9517087db06197103e10ecda771209794b5d5e26baf66007c1cc
kernel-rt-debug-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 24605c2bae65bef139346e287328b579f003c5514c3df276b7a71b105b0ddbe4
kernel-rt-debug-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: ddc858f6031d563184a031a2c80f9cc25475a423029bbbe9636a8611cc82b15e
kernel-rt-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: ce3de1cabe55ac510b6da4d1a50383e3411d707d0e6db90b9b5397b6aea5b98e
kernel-rt-debuginfo-common-x86_64-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: eb38601053bb4332e5b53ca2afe99807e56f31f5beaab1358521c16472376166
kernel-rt-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: a5aa5d7c750561640d7c6aee1357f8a62ac369eb1246245b1a8c6ae59dba526c
kernel-rt-doc-3.10.0-514.21.1.rt56.438.el7.noarch.rpm SHA-256: 5568b1c87fd388506ef2d7e7ac3aed5e3ac060a238e84ab969724cce25df9e65
kernel-rt-trace-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 79e3aff1646f3a3ee977323152a762458f6af7870540c4ea6e1406be2ff3dbfd
kernel-rt-trace-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 3627ffe2aa4f57b9c37cf1ec8b0130094a14bbefa57e5d857567657d042fc47b
kernel-rt-trace-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: dfe33c4a56ea069f1afbb623a8850bdc9b6392198fff26ae706966013babf5e9

Red Hat Enterprise Linux for Real Time for NFV 7

SRPM
kernel-rt-3.10.0-514.21.1.rt56.438.el7.src.rpm SHA-256: bbf19c65c50cb071a6f8bd7d2095c45b58c462c313336aa6ed79bae36043ab13
x86_64
kernel-rt-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 6bc752be56c016f700d08d8215944da9893508a5d1c2e12b28983cfabf81e109
kernel-rt-debug-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 4ea1f899773f9517087db06197103e10ecda771209794b5d5e26baf66007c1cc
kernel-rt-debug-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 24605c2bae65bef139346e287328b579f003c5514c3df276b7a71b105b0ddbe4
kernel-rt-debug-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: ddc858f6031d563184a031a2c80f9cc25475a423029bbbe9636a8611cc82b15e
kernel-rt-debug-kvm-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 1a5923d54957c5337b9a1737148bad01ba787ea02362d1dab7166bf954c4d204
kernel-rt-debug-kvm-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 8e68d3f1ca041547293f9b62ffccad5cee16efe854941c1d70eec9d5b13c0aab
kernel-rt-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: ce3de1cabe55ac510b6da4d1a50383e3411d707d0e6db90b9b5397b6aea5b98e
kernel-rt-debuginfo-common-x86_64-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: eb38601053bb4332e5b53ca2afe99807e56f31f5beaab1358521c16472376166
kernel-rt-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: a5aa5d7c750561640d7c6aee1357f8a62ac369eb1246245b1a8c6ae59dba526c
kernel-rt-doc-3.10.0-514.21.1.rt56.438.el7.noarch.rpm SHA-256: 5568b1c87fd388506ef2d7e7ac3aed5e3ac060a238e84ab969724cce25df9e65
kernel-rt-kvm-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: c897a173da8ba6699b2cc65c7743e8dff8b50e9a6365c462da3bcb8399546048
kernel-rt-kvm-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: c07009347e51dc4f88afca4376a7fd0bedab8c53e9e0dfe05f83d8902d1fcea4
kernel-rt-trace-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 79e3aff1646f3a3ee977323152a762458f6af7870540c4ea6e1406be2ff3dbfd
kernel-rt-trace-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: 3627ffe2aa4f57b9c37cf1ec8b0130094a14bbefa57e5d857567657d042fc47b
kernel-rt-trace-devel-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: dfe33c4a56ea069f1afbb623a8850bdc9b6392198fff26ae706966013babf5e9
kernel-rt-trace-kvm-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: ab6d449ee5ef34826a8b16e631c2ccf8a534c9077debe58c2d3ce161da406b04
kernel-rt-trace-kvm-debuginfo-3.10.0-514.21.1.rt56.438.el7.x86_64.rpm SHA-256: a43bab17fcf3accc34283810d2358c8086a353b7f5e1c90d6e0cb8ea403bc1cd

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.