To get released updates to address this issue use the Resolve tab.
Red Hat Product Security has been made aware of a vulnerability affecting Linux systems that allows for privilege escalation. This vulnerability has been assigned two CVE names, CVE-2017-1000364 for the Linux kernel and CVE-2017-1000366 for glibc. This issue was publicly disclosed on June 19th, 2017 and has been rated as Important.
Qualys has released a security advisory showing practical methods for circumventing an exploit protection mechanism known as the "stack guard page".
What is a stack guard page?
What is the flaw?
What are the attack vectors?
This vulnerability is in fact a class of attacks against a category of memory protections and mitigation mechanisms. The attacks can be performed through any of the traditionally known attack vectors, however the CVSS scores provided by Red Hat are a worse-case scenario. We expect the most common form of attack will be attackers with a local account, able to control the conditions in which processes are started. Network-facing processes may be affected, and Red Hat strongly recommends upgrading the kernel and glibc to minimise these attack vectors.
What are the side effects of these mitigation patches?
At the time of this writing there is a known issue introduced by the kernel patch which creates overlapping values in /proc/meminfo. This should not affect the functional application of the system and protection provided by the kernel. A patch to address this issue may be released at a later date.
Some processes which set threads stack guard size manually may not correctly handle the guard page size change and may need to be adjusted to the new changed size (See man pthread_attr_setguardsize) and correctly handle this changed condition.
Red Hat would like to thank Qualys Research Labs for reporting this flaw.
Successful exploitation of this vulnerability could allow an attacker to escalate privileges and potentially run malicious code.
Red Hat Product Security has rated this update as having a security impact of Important.
The following Red Hat product versions are impacted:
- Red Hat Enterprise Linux 5
- Red Hat Enterprise Linux 6
- Red Hat Enterprise Linux 7
- Red Hat Enterprise MRG 2.5
- Red Hat Virtualization
- RHEL Atomic Host
Diagnose your vulnerability
All Red Hat customers running affected products are strongly recommended to update as soon as patches are available. Details about impacted packages are noted below. A system reboot is required in order for the kernel update to be applied.
A kpatch for customers running Red Hat Enterprise Linux 7.2 or greater is available. Please open a support case to gain access to the kpatch.
For more details about what a kpatch is: Is live kernel patching (kpatch) supported in RHEL 7?
|Red Hat Enterprise Linux 7||kernel||RHSA-2017:1484|
|Red Hat Enterprise Linux 7||kernel-rt||RHSA-2017:1616|
|Red Hat Enterprise Linux 7||glibc||RHSA-2017:1481|
|Red Hat Enterprise Linux 7.2 Extended Update Support**||kernel||RHSA-2017:1485|
|Red Hat Enterprise Linux 7.2 Extended Update Support**||glibc||RHSA-2017:1479|
|Red Hat Enterprise Linux 6||kernel||RHSA-2017:1486|
|Red Hat Enterprise Linux 6||glibc||RHSA-2017:1480|
|Red Hat Enterprise Linux 6.7 Extended Update Support**||kernel||RHSA-2017:1487|
|Red Hat Enterprise Linux 6.7 Extended Update Support**||glibc||RHSA-2017:1479|
|Red Hat Enterprise Linux 6.6 Advanced Update Support***||kernel||RHSA-2017:1488|
|Red Hat Enterprise Linux 6.6 Advanced Update Support***||glibc||RHSA-2017:1479|
|Red Hat Enterprise Linux 6.5 Advanced Update Support***||kernel||RHSA-2017:1489|
|Red Hat Enterprise Linux 6.5 Advanced Update Support***||glibc||RHSA-2017:1479|
|Red Hat Enterprise Linux 6.4 Advanced Update Support***||kernel||RHSA-2017:1490|
|Red Hat Enterprise Linux 6.4 Advanced Update Support***||glibc||RHSA-2017:1479|
|Red Hat Enterprise Linux 6.2 Advanced Update Support***||kernel||RHSA-2017:1491|
|Red Hat Enterprise Linux 5 ELS*||kernel||RHSA-2017:1482|
|Red Hat Enterprise Linux 5 ELS*||glibc||RHSA-2017:1479|
|Red Hat Enterprise Linux 5.9 Advanced Update Support***||kernel||RHSA-2017:1483|
|Red Hat Enterprise Linux 5.9 Advanced Update Support***||glibc||RHSA-2017:1479|
|RHEL Atomic Host||kernel||Images respun on 21June2017|
|Red Hat Enterprise MRG 2||kernel-rt||RHSA-2017:1647|
|Red Hat Virtualization Hypervisor (RHV-H) Image 3.6||kernel||RHEA-2017:1569|
|Red Hat Enterprise Virtualization (RHEV-H) Hypervisor 3.6||kernel||RHBA-2017:1568|
|Red Hat Enterprise Virtualization Manager (RHEV-M) Appliance 3.6||kernel||RHBA-2017:1571|
|Red Hat Virtualization Hypervisor (RHV-H) Image 4.1||kernel||RHBA-2017:1566|
|Red Hat Virtualization Manager (RHV-M) Appliance 4.1||kernel||RHEA-2017:1570|
*An active ELS subscription is required for access to this patch.
Please contact Red Hat sales or your specific sales representative for more information if your account does not have an active ELS subscription.
**An active EUS subscription is required for access to this patch.
Please contact Red Hat sales or your specific sales representative for more information if your account does not have an active EUS subscription.
***An active AUS subscription is required for access to this patch in RHEL AUS.
An Ansible playbook is available.
The playbook runs against a variable named HOSTS, and can be invoked as follows (assuming 'hostname' is defined in your inventory file):
# ansible-playbook -e HOSTS=hostname cve-2017-1000366.yml
This playbook requires root privileges, so you may need to specify --become if it's not defined for 'hostname' in your inventory file.