RHSA-2017:2931 - Security Advisory

Issued: 2017-10-19
Updated: 2017-10-19

Synopsis

Important: kernel-rt security and bug fix update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism requirements.

Security Fix(es):

  • An out-of-bounds kernel heap access vulnerability was found in xfrm, the kernel's IP framework for transforming packets. An error dealing with netlink messages from an unprivileged user leads to arbitrary read/write and privilege escalation. (CVE-2017-7184, Important)
  • A race condition leading to a use-after-free flaw was found in the way raw packet sockets in the Linux kernel networking subsystem handle synchronization. A local user able to open a raw packet socket (requires the CAP_NET_RAW capability) could use this flaw to elevate their privileges on the system. (CVE-2017-1000111, Important)
  • An exploitable memory corruption flaw was found in the Linux kernel. The append path can be erroneously switched from UFO to non-UFO in ip_ufo_append_data() when building a UFO packet with the MSG_MORE option. If unprivileged user namespaces are available, this flaw can be exploited to gain root privileges. (CVE-2017-1000112, Important)
  • A flaw was found in the Linux networking subsystem where a local attacker with CAP_NET_ADMIN capabilities could cause an out-of-bounds memory access by creating a smaller-than-expected ICMP header and sending it to its destination via sendto(). (CVE-2016-8399, Moderate)
  • Kernel memory corruption due to a buffer overflow was found in the brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. This flaw is unlikely to be triggered remotely, as certain userspace code is needed for this. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash. Due to the nature of the flaw, privilege escalation cannot be fully ruled out, although it is unlikely. (CVE-2017-7541, Moderate)
  • An integer overflow vulnerability was found in the ip6_find_1stfragopt() function. A local attacker with the privileges (CAP_NET_RAW) to open a raw socket can cause an infinite loop inside the ip6_find_1stfragopt() function. (CVE-2017-7542, Moderate)
  • A kernel data leak due to an out-of-bounds read was found in the Linux kernel in the inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() functions, present from version 4.7-rc1 through version 4.13. The leak happens when these functions fill in the sockaddr data structures used to export a socket's diagnostic information. As a result, up to 100 bytes of slab data could be leaked to userspace. (CVE-2017-7558, Moderate)
  • The mq_notify function in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, this allows attackers to possibly cause a situation where a value may be used after being freed (use-after-free), which may lead to memory corruption or unspecified other impact. (CVE-2017-11176, Moderate)
  • A divide-by-zero vulnerability was found in the __tcp_select_window function in the Linux kernel. This can result in a kernel panic causing a local denial of service. (CVE-2017-14106, Moderate)

Red Hat would like to thank Chaitin Security Research Lab for reporting CVE-2017-7184; Willem de Bruijn for reporting CVE-2017-1000111; and Andrey Konovalov for reporting CVE-2017-1000112. The CVE-2017-7558 issue was discovered by Stefano Brivio (Red Hat).

Bug Fix(es):

  • The kernel-rt packages have been upgraded to the 3.10.0-693.5.2 source tree, which provides a number of bug fixes over the previous version. (BZ#1489084)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.
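
A post-update check for the reboot requirement above, as an added example that is not part of Red Hat's advisory: it compares the running and the newest installed kernel-rt builds against the build this advisory ships, 3.10.0-693.5.2.rt56.626.el7. The function names are made up for this sketch, and GNU `sort -V` stands in for RPM's own version ordering, which is adequate for kernel-rt release strings of this shape.

```shell
#!/bin/sh
# Added example: decide whether a host is actually running the fixed kernel-rt.
# FIXED is the kernel-rt build shipped by RHSA-2017:2931.
FIXED="3.10.0-693.5.2.rt56.626.el7"

# strip_arch STR: drop a trailing architecture suffix (uname -r includes one).
strip_arch() {
    printf '%s\n' "$1" | sed -e 's/\.x86_64$//' -e 's/\.noarch$//'
}

# ver_ge A B: succeed when A >= B.
# Assumption: GNU `sort -V` approximates RPM ordering for these strings.
# A plain string compare would get this wrong (693.11 sorts before 693.5).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify RUNNING NEWEST_INSTALLED -> patched | reboot-required | vulnerable
#   patched          the running kernel is at or above the fixed build
#   reboot-required  the fixed package is on disk, the old kernel still runs
#   vulnerable       no installed kernel-rt reaches the fixed build
classify() {
    running=$(strip_arch "$1")
    installed=$(strip_arch "$2")
    if ver_ge "$running" "$FIXED"; then
        echo patched
    elif ver_ge "$installed" "$FIXED"; then
        echo reboot-required
    else
        echo vulnerable
    fi
}

# newest_installed: highest installed kernel-rt VERSION-RELEASE, empty if none.
newest_installed() {
    rpm -q --qf '%{VERSION}-%{RELEASE}\n' kernel-rt 2>/dev/null \
        | grep '^[0-9]' | sort -V | tail -n 1
}

# Live check: only meaningful on an RPM-based host booted into a kernel-rt build.
if command -v rpm >/dev/null 2>&1 && uname -r | grep -q '\.rt[0-9]'; then
    echo "kernel-rt status: $(classify "$(uname -r)" "$(newest_installed)")"
fi
```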

Affected Products

  • Red Hat Enterprise Linux for Real Time 7 x86_64
  • Red Hat Enterprise Linux for Real Time for NFV 7 x86_64
  • Red Hat Enterprise Linux for Real Time for x86_64 - Extended Life Cycle Support 7 x86_64

Fixes

  • BZ - 1403833 - CVE-2016-8399 kernel: net: Out of bounds stack read in memcpy_fromiovec
  • BZ - 1435153 - CVE-2017-7184 kernel: Out-of-bounds heap access in xfrm
  • BZ - 1470659 - CVE-2017-11176 kernel: Use-after-free in sys_mq_notify()
  • BZ - 1473198 - CVE-2017-7541 kernel: Possible heap buffer overflow in brcmf_cfg80211_mgmt_tx()
  • BZ - 1473649 - CVE-2017-7542 kernel: Integer overflow in ip6_find_1stfragopt() causes infinite loop
  • BZ - 1479304 - CVE-2017-1000111 kernel: Heap out-of-bounds in AF_PACKET sockets
  • BZ - 1479307 - CVE-2017-1000112 kernel: Exploitable memory corruption due to UFO to non-UFO path switch
  • BZ - 1480266 - CVE-2017-7558 kernel: Out of bounds read in inet_diag_msg_sctp{,l}addr_fill() and sctp_get_sctp_info() in SCTP stack
  • BZ - 1487295 - CVE-2017-14106 kernel: Divide-by-zero in __tcp_select_window
  • BZ - 1489084 - kernel-rt: update to the RHEL7.4.z batch#2 source tree

CVEs

  • CVE-2016-8399
  • CVE-2017-1000111
  • CVE-2017-1000112
  • CVE-2017-11176
  • CVE-2017-14106
  • CVE-2017-7184
  • CVE-2017-7541
  • CVE-2017-7542
  • CVE-2017-7558

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.


The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
