RHEL 7 : kernel (RHSA-2017:2770)

This script is Copyright (C) 2017 Tenable Network Security, Inc.

Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An update for kernel is now available for Red Hat Enterprise Linux 7.3
Extended Update Support.

Red Hat Product Security has rated this update as having a security
impact of Important. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es) :

* A race condition was found in the Linux kernel, present since
v3.14-rc1 through v4.12. The race happens between threads of
inotify_handle_event() and vfs_rename() while running the rename
operation against the same file. As a result of the race the next slab
data or the slab's free list pointer can be corrupted with
attacker-controlled data, which may lead to the privilege escalation.
(CVE-2017-7533, Important)

Red Hat would like to thank Leilei Lin (Alibaba Group), Fan Wu (The
University of Hong Kong), and Shixiong Zhao (The University of Hong
Kong) for reporting this issue.

Bug Fix(es) :

* Previously, the sha1-avx2 optimized hashing, which is used on
processors supporting avx2, under certain conditions miscalculated an
offset. Consequently, a kernel crash occasionally occurred on the NFS
clients or servers using the krb5 security. With this update, the
optimized hashing path for sha1-avx2 has been disabled, and the NFS
clients and servers with krb5 security no longer experience the
miscalculation and subsequent crash. (BZ#1446230)

* When virt boundary limit was set, lots of small bios could not be
merged even though they were contiguous physically. In some workload,
such as mkfs.ntfs, system performance could be ten times degraded. The
proposed patch fixes the bug by allowing to merge these small bios,
which improves performance of mkfs.ntfs on devices significantly.

* When executing the mkfs.btrfs command to create a btrfs file system
over Non-Volatile Memory Express (NVMe), kernel panic was previously
triggered. The underlying code has been patched to fix this
regression, and btrfs is now created successfully in the described
scenario. (BZ#1472675)

* As a side effect of BZ#147263, the system previously crashed when
creating a container device. The provided patch transforms the
resched_task() function into resched_curr(), and the chance of kernel
crash is thus reduced in the aforementioned situation. (BZ#1473742)

* Due to incorrectly used memory in VXLAN driver (a use-after-free bug
and list corruption), the kernel could previously panic under some
circumstances while bringing the VXLAN interfaces down. The provided
patch fixes the memory corruptions, and the panic no longer occurs in
this situation. (BZ#1474263)

* A race condition could cause the in-flight asynchronous buffers
count (bt_io_count) to become negative. This caused the umount
operation to hang in the xfs_wait_buftarg() function. The provided
patch fixes the buffer I/O accounting release race, and XFS umount no
longer hangs. (BZ#1478253)

* Kernel version 3.10.0-498.el7 separated CPU and TSC frequency and
introduced the x86_platform.calibrate_cpu function pointer which
points by default to the native_calibrate_cpu() function. As a
consequence, time synchronization bugs appeared on Red Hat Enterprise
Linux 7.3 ESXi guest causing a time offset shortly after boot. An
upstream patch has been applied, which sets x86_platform.calibrate_cpu
pointer on ESXi guests to the proper function, thus fixing this bug.

* A system having more than 128 CPUs could previously experience a
crash during shutdown after the Intelligent Platform Management
Interface (IPMI) service was stopped. The provided patch fixes a race
condition in the IPMI smi_timeout() function, allowing the system to
shut down as expected. (BZ# 1479760)

See also :


Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 6.9
CVSS Temporal Score : 5.7
Public Exploit Available : true

Family: Red Hat Local Security Checks

Nessus Plugin ID: 103351 ()

Bugtraq ID:

CVE ID: CVE-2017-7533

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now