Table of Contents
This issue does not affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2.
This issue affects the Linux kernel packages as shipped with Red Hat Enterprise Linux 7 starting with the version kernel-3.10.0-514.el7, that is with Red Hat Enterprise Linux 7.3 GA. Prior Red Hat Enterprise Linux 7 kernel versions are not affected.
In order to exploit this issue, the system needs to be manually configured by privileged user. The default Red Hat Enterprise Linux 7 configuration is not vulnerable.
CVSS v3 metrics
|CVSS3 Base Score||8.1|
|CVSS3 Base Metrics||CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H|
Red Hat Security Errata
|Red Hat Enterprise Linux 7 (kernel)||RHSA-2017:1615||2017-06-28|
|Red Hat Enterprise Linux for Real Time for NFV (v. 7) (kernel-rt)||RHSA-2017:1616||2017-06-28|
Affected Packages State
|Red Hat Enterprise MRG 2||realtime-kernel||Not affected|
|Red Hat Enterprise Linux 6||kernel||Not affected|
|Red Hat Enterprise Linux 5||kernel||Not affected|
Red Hat recommends blacklisting the kernel module to prevent its use. This will prevent accidental version loading by administration and also mitigate the flaw if a kernel with the affected module is booted.
As the macsec module will be auto-loaded when required, its use can be disabled by preventing the module from loading with the following instructions:
# echo "install macsec /bin/true" >> /etc/modprobe.d/disable-macsec.conf
If macsec functionality is in use as a functional part of the system a kernel upgrade is required.