Issued:
2018-03-13
Updated:
2018-03-13

RHSA-2018:0502 - Security Advisory

Synopsis

Important: kernel-alt security and bug fix update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-alt packages provide the Linux kernel version 4.x.

Security Fix(es):

  • hw: cpu: speculative execution permission faults handling (CVE-2017-5754, Important)(ppc only)
  • kernel: Race condition in raw_sendmsg function allows denial-of-service or kernel addresses leak (CVE-2017-17712, Important)
  • kernel: mm/pagewalk.c:walk_hugetlb_range function mishandles holes in hugetlb ranges causing information leak (CVE-2017-16994, Moderate)

Bug Fix(es):

  • When changing the Maximum Transmission Unit (MTU) size on Broadcom BCM5717, BCM5718 and BCM5719 chipsets, the tg3 driver sometimes lost synchronization with the device. Consequently, the device became unresponsive. With this update, tg3 has been fixed, and devices no longer hang due to this behavior. (BZ#1533478)
  • Previously, the perf tool used strict string matching to provide related events to a particular CPUID instruction. Consequently, the events were not available on certain IBM PowerPC systems. This update fixes perf to use regular expressions instead of string matching of the entire CPUID string. As a result, the perf tool now supports events on IBM PowerPC architectures as expected. (BZ#1536567)
  • Previously, the kernel debugfs file system implemented removal protection based on sleepable read-copy-update (SRCU), which slowed down the drivers relying on the debugfs_remove_recursive() function. Consequently, a decrease in performance or a deadlock sometimes occurred. This update implements per-file removal protection in debugfs. As a result, the performance of the system has improved significantly. (BZ#1538030)
  • When running the 'perf test' command on a PowerKVM guest multiple times, the branch instructions recorded in Branch History Rolling Buffer (BHRB) entries were sometimes unmapped before the kernel processed the entries. Consequently, the operating system terminated unexpectedly. This update fixes the bug, and the operating system no longer crashes in the described situation. (BZ#1538031)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for ARM 64 7 aarch64
  • Red Hat Enterprise Linux for Power 9 7 ppc64le

Fixes

  • BZ - 1518155 - CVE-2017-16994 kernel: mm/pagewalk.c:walk_hugetlb_range function mishandles holes in hugetlb ranges causing information leak
  • BZ - 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling
  • BZ - 1526427 - CVE-2017-17712 kernel: Race condition in raw_sendmsg function allows denial-of-service or kernel addresses leak

Red Hat Enterprise Linux for ARM 64 7

SRPM
kernel-alt-4.11.0-44.6.1.el7a.src.rpm SHA-256: 9695d4c79d4c16c1038395f3d037f3fd395124f4a71415b70e264e3250869eee
aarch64
kernel-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: fbfa5e5f9f4607a0627d00aad17013b2dd5b412cbaea06f4b4abb1060526e213
kernel-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: fbfa5e5f9f4607a0627d00aad17013b2dd5b412cbaea06f4b4abb1060526e213
kernel-abi-whitelists-4.11.0-44.6.1.el7a.noarch.rpm SHA-256: 0f02c9fa781993f480d4c8512fa8568ea579997ca7b82e3d21ba79848db65c16
kernel-debug-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: 2e0fd25b5b6bff1606fe0480936e14a44007717f95750f34d3ce74fb33e2de68
kernel-debug-debuginfo-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: 4390ac871b56ce69e2136ac5177c01923d016c96f21499a8c94579d22193d6e4
kernel-debug-debuginfo-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: 4390ac871b56ce69e2136ac5177c01923d016c96f21499a8c94579d22193d6e4
kernel-debug-devel-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: 1a8b0f946c83c4566c771f4c53dbacf5e9b083f2c9312f2b08472fea6ed69448
kernel-debuginfo-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: 6e511f27069e05d3f708ba0dc622f894bbffe13dc3623cff0392d8b56e38ed2d
kernel-debuginfo-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: 6e511f27069e05d3f708ba0dc622f894bbffe13dc3623cff0392d8b56e38ed2d
kernel-debuginfo-common-aarch64-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: 73f7e26c7eaf20d1514120bfd9ff7ded089cb1e1e5716c3031d4c4039eba4413
kernel-debuginfo-common-aarch64-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: 73f7e26c7eaf20d1514120bfd9ff7ded089cb1e1e5716c3031d4c4039eba4413
kernel-devel-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: ee62924f7ba1efc7a2e7fbe1c8be3705053c658c46234e1b135b07b81209125b
kernel-doc-4.11.0-44.6.1.el7a.noarch.rpm SHA-256: 69b0d2d12dc0d7b68b03c1626e331e89103edd5d4249a95b3961dc08dd6eb013
kernel-headers-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: a485691f0897f3e85e0dbaa1565d0c5d43bf36f1c7425b5977cda88db11d4be1
kernel-tools-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: f35e3b8948066090e03772dd71fc4898756ecee979efbd8092fbf38f4cfa3194
kernel-tools-debuginfo-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: be54ebc3f9bb2aa2b10f8d5064c53fc625a3e26d12e37f1bac592ebc323fc10f
kernel-tools-debuginfo-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: be54ebc3f9bb2aa2b10f8d5064c53fc625a3e26d12e37f1bac592ebc323fc10f
kernel-tools-libs-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: 6d948f6b195c7b6fe26fd5050c33ddc3a89856666a595304f6564fefc1d6b062
kernel-tools-libs-devel-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: 5c278886543fc6bf98e3a6a603c208956c9f587528aab7ef135518660c665980
perf-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: d570919a332407be81a5fbc0f159df82db3719d4fa7888dd64f00ee88082b745
perf-debuginfo-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: c66432d65b35916e499b4d9edb5b52688c9440ef4b8ac7553cd78558e4793084
perf-debuginfo-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: c66432d65b35916e499b4d9edb5b52688c9440ef4b8ac7553cd78558e4793084
python-perf-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: eb7825677e2e9eee13af957734b02be2617118e468ebada0e172d7884a31ceed
python-perf-debuginfo-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: 67bea25c9c5bd9f7ea38f95f5b9d9823e50c817e8374389b2de99dd7a7e7bc1a
python-perf-debuginfo-4.11.0-44.6.1.el7a.aarch64.rpm SHA-256: 67bea25c9c5bd9f7ea38f95f5b9d9823e50c817e8374389b2de99dd7a7e7bc1a

Red Hat Enterprise Linux for Power 9 7

SRPM
kernel-alt-4.11.0-44.6.1.el7a.src.rpm SHA-256: 9695d4c79d4c16c1038395f3d037f3fd395124f4a71415b70e264e3250869eee
ppc64le
kernel-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: dfe05881abde5f99af7ad6a563db1f204f99f83f23529394172e01a752353c8e
kernel-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: dfe05881abde5f99af7ad6a563db1f204f99f83f23529394172e01a752353c8e
kernel-abi-whitelists-4.11.0-44.6.1.el7a.noarch.rpm SHA-256: 0f02c9fa781993f480d4c8512fa8568ea579997ca7b82e3d21ba79848db65c16
kernel-bootwrapper-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: ca306d49cb25841fed5f3b79eb00e6a96f044fd53d5f1ece7c4c30b2d80496f8
kernel-debug-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: 2c38dd879458943190f72544b3937b305b1085af36925aae8aef7c9b24d64a87
kernel-debug-debuginfo-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: 5170343f12d5ab519fbe5a4a07a214463a58874273fbdd8570e7401c46996bd8
kernel-debug-debuginfo-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: 5170343f12d5ab519fbe5a4a07a214463a58874273fbdd8570e7401c46996bd8
kernel-debug-devel-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: deb04dbcd7c5d2de4cd241e09c992798c924622a42ac16afc8f91efcc6bb2338
kernel-debuginfo-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: c9f292f0fb1d38a59694adedcf8e5f0c623359ce10afac66f8ad2f847fe3fd61
kernel-debuginfo-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: c9f292f0fb1d38a59694adedcf8e5f0c623359ce10afac66f8ad2f847fe3fd61
kernel-debuginfo-common-ppc64le-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: 0d3a57de7ca0ff5e5bef7408f92ee4039efa2e01b4a9b918555417f3ef74e140
kernel-debuginfo-common-ppc64le-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: 0d3a57de7ca0ff5e5bef7408f92ee4039efa2e01b4a9b918555417f3ef74e140
kernel-devel-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: f887c85416bfc6addc5f7abf78b4067b4ab0d8ebca35d72b291e5759f96eee78
kernel-doc-4.11.0-44.6.1.el7a.noarch.rpm SHA-256: 69b0d2d12dc0d7b68b03c1626e331e89103edd5d4249a95b3961dc08dd6eb013
kernel-headers-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: 8aa25dabaf04aeb35c2628ec21919e6c0def73953d80addca0716440c296420c
kernel-tools-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: 68ab265900b9a3b5ee1cd5bc16e3d25b9eb5b3abd6015e854b8419d31bea88b4
kernel-tools-debuginfo-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: ea5f7e4a2791b9be55072936b0f4963950560078625b82a6257efdbe2e770c71
kernel-tools-debuginfo-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: ea5f7e4a2791b9be55072936b0f4963950560078625b82a6257efdbe2e770c71
kernel-tools-libs-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: 0b5c300b70149a2c6e1e212ea371045128553c6f0844c08f503e9369f494973a
kernel-tools-libs-devel-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: ca852dbd902059b208346316816d36cec4eb28ee0491a31f43154361766d261a
perf-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: 19c3c7ad49caa542bf29c77714622e5ccceb065af88876b855d3daa045ea6a50
perf-debuginfo-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: e945db7ced3763f889d8ffd4cfaafadffe8d775b521415702ffaacf24ece2b2b
perf-debuginfo-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: e945db7ced3763f889d8ffd4cfaafadffe8d775b521415702ffaacf24ece2b2b
python-perf-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: 36874e4ce4123874f9f776c9ae537b4a398eacc188f9579c817ae0b8ab94c713
python-perf-debuginfo-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: b82a6e2920943bc50aa835c94cad25925c3b766ba30fdeb7c4d8262b1a36943f
python-perf-debuginfo-4.11.0-44.6.1.el7a.ppc64le.rpm SHA-256: b82a6e2920943bc50aa835c94cad25925c3b766ba30fdeb7c4d8262b1a36943f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.