Synopsis

Important: kernel-alt security, bug fix, and enhancement update

Type/Severity

Security Advisory: Important

Topic

An update for kernel-alt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The kernel-alt packages provide the Linux kernel version 4.x.

The following packages have been upgraded to a later upstream version: kernel-alt (4.14.0). (BZ#1492717)

Security Fix(es):

• An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.
  

Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5715, Important, ARM)

Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. (CVE-2017-5753, Important, ARM)

Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. (CVE-2017-5754, Important, ARM)

• kernel: memory leak when merging buffers in SCSI IO vectors (CVE-2017-12190, Moderate)
  
• kernel: net: double-free and memory corruption in get_net_ns_by_id() (CVE-2017-15129, Moderate)
  
• kernel: Incorrect updates of uninstantiated keys crash the kernel (CVE-2017-15299, Moderate)
  
• kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure (CVE-2017-17448, Moderate)
  
• kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity (CVE-2017-17449, Moderate)
  
• kernel: Arbitrary stack overwrite causing oops via crafted signal frame (CVE-2017-1000255, Moderate)
  
• kernel: Stack information leak in the EFS element (CVE-2017-1000410, Moderate)
  
• kernel: Race condition in sound system can lead to denial of service (CVE-2018-1000004, Moderate)
  
• kernel: Buffer overflow in mp_override_legacy_irq() (CVE-2017-11473, Low)
  
• kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact (CVE-2018-6927, Low)
  

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Red Hat would like to thank Google Project Zero for reporting CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754; Vitaly Mayatskih for reporting CVE-2017-12190; Kirill Tkhai for reporting CVE-2017-15129; Michael Ellerman, Gustavo Romero, Breno Leitao, Paul Mackerras, and Cyril Bur for reporting CVE-2017-1000255; and Armis Labs for reporting CVE-2017-1000410.

Additional Changes:

See the Red Hat Enterprise Linux 7.5 Release Notes linked from References.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

Affected Products

• Red Hat Enterprise Linux for ARM 64 7 aarch64
• Red Hat Enterprise Linux for Power 9 7 ppc64le
• Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

• BZ - 1473209 - CVE-2017-11473 kernel: Buffer overflow in mp_override_legacy_irq()
• BZ - 1495089 - CVE-2017-12190 kernel: memory leak when merging buffers in SCSI IO vectors
• BZ - 1498016 - CVE-2017-15299 kernel: Incorrect updates of uninstantiated keys crash the kernel
• BZ - 1498067 - CVE-2017-1000255 kernel: Arbitrary stack overwrite causing oops via crafted signal frame
• BZ - 1501794 - [7.4-ALT]: SEEK_HOLE/SEEK_DATA with a negative file offset test fails
• BZ - 1519160 - CVE-2017-1000410 kernel: Stack information leak in the EFS element
• BZ - 1519778 - CVE-2017-5753 hw: cpu: speculative execution bounds-check bypass
• BZ - 1519780 - CVE-2017-5715 hw: cpu: speculative execution branch target injection
• BZ - 1519781 - CVE-2017-5754 hw: cpu: speculative execution permission faults handling
• BZ - 1525762 - CVE-2017-17449 kernel: Missing namespace check in net/netlink/af_netlink.c allows for network monitors to observe systemwide activity
• BZ - 1525768 - CVE-2017-17448 kernel: Missing capabilities check in net/netfilter/nfnetlink_cthelper.c allows for unprivileged access to systemwide nfnl_cthelper_list structure
• BZ - 1531174 - CVE-2017-15129 kernel: net: double-free and memory corruption in get_net_ns_by_id()
• BZ - 1535315 - CVE-2018-1000004 kernel: Race condition in sound system can lead to denial of service
• BZ - 1544612 - CVE-2018-6927 kernel: Integer overflow in futex.c:futux_requeue can lead to denial of service or unspecified impact

CVEs

• CVE-2017-11473
• CVE-2017-12190
• CVE-2017-12192
• CVE-2017-15129
• CVE-2017-15299
• CVE-2017-15306
• CVE-2017-16939
• CVE-2017-17448
• CVE-2017-17449
• CVE-2017-1000255
• CVE-2017-1000410
• CVE-2018-6927
• CVE-2018-1000004

References

• https://access.redhat.com/security/updates/classification/#important
• https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.5_Release_Notes/index.html

Red Hat Enterprise Linux for ARM 64 7

SRPM
kernel-alt-4.14.0-49.el7a.src.rpm	SHA-256: 451867151e0360c2d38f87b4f074af06595dd61d1e2f0922a79a57c1766d0968
aarch64
kernel-4.14.0-49.el7a.aarch64.rpm	SHA-256: e0827835be151c17f90271133446620a6c1eadc1d68a0570959e41d31d9b7480
kernel-abi-whitelists-4.14.0-49.el7a.noarch.rpm	SHA-256: 3fef59c4712842da15cdd52c118f8b76cc0d2a242ae8485d435993ab489c0608
kernel-debug-4.14.0-49.el7a.aarch64.rpm	SHA-256: 70a79290ddcb3457c089cddf125b5fdcf5b8e4f3de06e42a6bf05b0d12323a77
kernel-debug-debuginfo-4.14.0-49.el7a.aarch64.rpm	SHA-256: 2099e470317bd6d2bd4e8bb2084350ca3871d3f0c27c507efa8c9e8dd70d6d61
kernel-debug-debuginfo-4.14.0-49.el7a.aarch64.rpm	SHA-256: 2099e470317bd6d2bd4e8bb2084350ca3871d3f0c27c507efa8c9e8dd70d6d61
kernel-debug-devel-4.14.0-49.el7a.aarch64.rpm	SHA-256: 3df585dd7e67e5841503b374ac2b8dfc874a51f82a87c8ae92067dfd65224305
kernel-debuginfo-4.14.0-49.el7a.aarch64.rpm	SHA-256: 700a3a5a69e35f553488ba3010a1e1ea20b09d962af1f7155a58218ae684c104
kernel-debuginfo-4.14.0-49.el7a.aarch64.rpm	SHA-256: 700a3a5a69e35f553488ba3010a1e1ea20b09d962af1f7155a58218ae684c104
kernel-debuginfo-common-aarch64-4.14.0-49.el7a.aarch64.rpm	SHA-256: 403a15430d6e8cda0f9d82035ff73ca8217c6838764537bb0cd720f80b06646f
kernel-debuginfo-common-aarch64-4.14.0-49.el7a.aarch64.rpm	SHA-256: 403a15430d6e8cda0f9d82035ff73ca8217c6838764537bb0cd720f80b06646f
kernel-devel-4.14.0-49.el7a.aarch64.rpm	SHA-256: e5e1ba1a00a6ac12f4d873f3ac30761ba77e093f4ce915bac88ceea16e57ed4d
kernel-doc-4.14.0-49.el7a.noarch.rpm	SHA-256: 3e16eb665bd39305001fb815ec161a2527d1e16c6042f871d95f52ea8213cbfb
kernel-headers-4.14.0-49.el7a.aarch64.rpm	SHA-256: 9df70ea3c191f0d2eb292c2145d87fef489d5e0963ba4a4cae2067143016c499
kernel-tools-4.14.0-49.el7a.aarch64.rpm	SHA-256: 449cd726b3cc35c62ccc1af0346629be39cb9f8a015699de8bf943cb200f8cc5
kernel-tools-debuginfo-4.14.0-49.el7a.aarch64.rpm	SHA-256: 228d3aeb6956af01d4fe3d6666cbd0502c496ad59285da5d862b28b1461cca1e
kernel-tools-debuginfo-4.14.0-49.el7a.aarch64.rpm	SHA-256: 228d3aeb6956af01d4fe3d6666cbd0502c496ad59285da5d862b28b1461cca1e
kernel-tools-libs-4.14.0-49.el7a.aarch64.rpm	SHA-256: 47aece2a16f8b66814dab33c7eb8fa8f131c1bcc4929e504d694d2a9438e5896
kernel-tools-libs-devel-4.14.0-49.el7a.aarch64.rpm	SHA-256: 40e6d30d68abca1aefe8f679b42a2d1eb4dc3013f7da52eda5e3d54e620b78f8
perf-4.14.0-49.el7a.aarch64.rpm	SHA-256: 1becb1e8795ea6487db8c13a6fd2e97d9a4c14d81221b09f71b3c465b8a08206
perf-debuginfo-4.14.0-49.el7a.aarch64.rpm	SHA-256: 4511875d6feac2a7d24309add8fba7398d35c242968c5aba52b3f69438bb463f
perf-debuginfo-4.14.0-49.el7a.aarch64.rpm	SHA-256: 4511875d6feac2a7d24309add8fba7398d35c242968c5aba52b3f69438bb463f
python-perf-4.14.0-49.el7a.aarch64.rpm	SHA-256: b5642817ec1d60b233f4736cf0d6b52dc6a364ac179b4170e30fad4e4817ab30
python-perf-debuginfo-4.14.0-49.el7a.aarch64.rpm	SHA-256: 64c94bba82492f13394d34dc38e4025c6477a133b472c1079ef429e5d8bc0948
python-perf-debuginfo-4.14.0-49.el7a.aarch64.rpm	SHA-256: 64c94bba82492f13394d34dc38e4025c6477a133b472c1079ef429e5d8bc0948

Red Hat Enterprise Linux for Power 9 7

SRPM
kernel-alt-4.14.0-49.el7a.src.rpm	SHA-256: 451867151e0360c2d38f87b4f074af06595dd61d1e2f0922a79a57c1766d0968
ppc64le
kernel-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 2142dffccb3add4e6d37c128305e827e6510a9c4cde09b4d5d75c4a0539bd4d4
kernel-abi-whitelists-4.14.0-49.el7a.noarch.rpm	SHA-256: 3fef59c4712842da15cdd52c118f8b76cc0d2a242ae8485d435993ab489c0608
kernel-bootwrapper-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 29cf80049cdf9052d4913483e28c3ebbbc781d7ba2f39e49d6363650bd2ad419
kernel-debug-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 6b79a8d186d3905821cc99eb752cc5bd04fdc4bae1952bf1e0840fa34e63866a
kernel-debug-debuginfo-4.14.0-49.el7a.ppc64le.rpm	SHA-256: ce1206b7b750f035099f3bda581e08d4f33a8e811b7eeecbc94340ebe176150d
kernel-debug-debuginfo-4.14.0-49.el7a.ppc64le.rpm	SHA-256: ce1206b7b750f035099f3bda581e08d4f33a8e811b7eeecbc94340ebe176150d
kernel-debug-devel-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 09701517a8c0f460a8201da0ee52e5b69d698060e7061c71ee208601b50385a0
kernel-debuginfo-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 1249f2828b58146ba6ab2dad4db02ff388650cd46e40d505659827a03cdac889
kernel-debuginfo-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 1249f2828b58146ba6ab2dad4db02ff388650cd46e40d505659827a03cdac889
kernel-debuginfo-common-ppc64le-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 8fddd8b5289786517bea3951f41625109f0e9fd7fb9dfd37ab9964dcdff0853e
kernel-debuginfo-common-ppc64le-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 8fddd8b5289786517bea3951f41625109f0e9fd7fb9dfd37ab9964dcdff0853e
kernel-devel-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 95bc31291643afc00e59f073d4a70e5fc46ccd824d1101503746fb30c22507a4
kernel-doc-4.14.0-49.el7a.noarch.rpm	SHA-256: 3e16eb665bd39305001fb815ec161a2527d1e16c6042f871d95f52ea8213cbfb
kernel-headers-4.14.0-49.el7a.ppc64le.rpm	SHA-256: d4fd4439f3611234c630491c63cc22fac7a6c5c7efa919839714f43d1d3952ac
kernel-tools-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 30ca7dd6549e7e23f217c23252796e695fec7b8bd0d5f759844538a2a7801fa2
kernel-tools-debuginfo-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 2151e9d76df1836d0afdff602f240d29a19fc83ac33921e6c878839c27e08fac
kernel-tools-debuginfo-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 2151e9d76df1836d0afdff602f240d29a19fc83ac33921e6c878839c27e08fac
kernel-tools-libs-4.14.0-49.el7a.ppc64le.rpm	SHA-256: ccc22665ff2781cdb746ae218de617f8c288e5c48788acffb1573f9128bb6b9c
kernel-tools-libs-devel-4.14.0-49.el7a.ppc64le.rpm	SHA-256: bcdb9693656dbcc400ff2718a6403f9823a163478a6cde0e54348367c6de07ca
perf-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 96c54e37ca66cb47ddc64578e257d387423695bdcf6390abaa09d6512773178f
perf-debuginfo-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 044324411d233b2766c1f29179d1d1904e954c14c7d5b32ae310de1e1e8194f6
perf-debuginfo-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 044324411d233b2766c1f29179d1d1904e954c14c7d5b32ae310de1e1e8194f6
python-perf-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 8ea9af4f80125bb02d04edd0eb93746574dfcb3c8e2a854a28128a3ae2cb0617
python-perf-debuginfo-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 61e5b121fa5f59a6d81ed9141553d38c1cdcc2bc02b3d89f22ac31b804de7ab0
python-perf-debuginfo-4.14.0-49.el7a.ppc64le.rpm	SHA-256: 61e5b121fa5f59a6d81ed9141553d38c1cdcc2bc02b3d89f22ac31b804de7ab0

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
kernel-alt-4.14.0-49.el7a.src.rpm	SHA-256: 451867151e0360c2d38f87b4f074af06595dd61d1e2f0922a79a57c1766d0968
s390x
kernel-4.14.0-49.el7a.s390x.rpm	SHA-256: 275ac5d2415a5d4b5bfa1f8db01ec6474f266b4fb2104acd95e623af3660fc56
kernel-abi-whitelists-4.14.0-49.el7a.noarch.rpm	SHA-256: 3fef59c4712842da15cdd52c118f8b76cc0d2a242ae8485d435993ab489c0608
kernel-debug-4.14.0-49.el7a.s390x.rpm	SHA-256: 841437e7267a1ca92e95064b8ebe1deea832098800ea9c6285a8f0384d373edd
kernel-debug-debuginfo-4.14.0-49.el7a.s390x.rpm	SHA-256: 3cf04dd8df7eb297dd2527685e4d993f5c22a9353fe377e7f0e91c51701efa36
kernel-debug-devel-4.14.0-49.el7a.s390x.rpm	SHA-256: a3590fa6ee2de9870317670c536de2d020644534dcfc1b093d4f2bd0ce846949
kernel-debuginfo-4.14.0-49.el7a.s390x.rpm	SHA-256: 6ed0c6c91e38cecae990fce5fc750a7d453934dc686af153d0e2a4076833693c
kernel-debuginfo-common-s390x-4.14.0-49.el7a.s390x.rpm	SHA-256: 337acc70200dd0f31dbfc4317b7fecb2d497f11ca3a027203bb3080de4f39a90
kernel-devel-4.14.0-49.el7a.s390x.rpm	SHA-256: 0b282387737ead62d9a05b6ff11304439034fcd8306a2ed827da7cab59eff98e
kernel-doc-4.14.0-49.el7a.noarch.rpm	SHA-256: 3e16eb665bd39305001fb815ec161a2527d1e16c6042f871d95f52ea8213cbfb
kernel-headers-4.14.0-49.el7a.s390x.rpm	SHA-256: f5ee7a90cb42e9c2237c4c02c5983328df071cb7f3677fce03af47b970571b29
kernel-kdump-4.14.0-49.el7a.s390x.rpm	SHA-256: 8771095e9ba8a0bb8a99aa6e80fd0a29c7e21d6cb53e45b7b4c7c65adc52f022
kernel-kdump-debuginfo-4.14.0-49.el7a.s390x.rpm	SHA-256: 52c01c18da4196d424305d64d84f0ed37ee6f603a53ee0b5670f92ef0b25b0ca
kernel-kdump-devel-4.14.0-49.el7a.s390x.rpm	SHA-256: 923ac68d26dc23996b5852d8ca6e239ab78f89f4a36c97ffb1159beb33bc170b
perf-4.14.0-49.el7a.s390x.rpm	SHA-256: 1f728175d2be17b60a8cc464c5cc9240aa17e9823205e3694e381d3480358892
perf-debuginfo-4.14.0-49.el7a.s390x.rpm	SHA-256: 0b611f3e681a038802836dd1afbf265cef7c42d8b33aa7fb98c73c9cbc7b27f0
python-perf-4.14.0-49.el7a.s390x.rpm	SHA-256: 5915267aaa001d25b0ff7e8f8f17fe422b3aa1770154e5e2b76cae8d958f8c0d
python-perf-debuginfo-4.14.0-49.el7a.s390x.rpm	SHA-256: 0be16eddb568a026e3d602f66a00eacb48f816b96e15d09f93ec3b4d40578bc1