RHEL 6 : kernel-rt (RHSA-2015:0694)

This script is Copyright (C) 2015-2017 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

Updated kernel-rt packages that fix multiple security issues, several
bugs, and add various enhancements are now available for Red Hat
Enterprise MRG 2.5.

Red Hat Product Security has rated this update as having Important
security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

* A flaw was found in the way the Linux kernel's XFS file system
handled replacing of remote attributes under certain conditions. A
local user with access to XFS file system mount could potentially use
this flaw to escalate their privileges on the system. (CVE-2015-0274,
Important)

* A flaw was found in the way the Linux kernel's splice() system call
validated its parameters. On certain file systems, a local,
unprivileged user could use this flaw to write past the maximum file
size, and thus crash the system. (CVE-2014-7822, Moderate)

* A race condition flaw was found in the Linux kernel's ext4 file
system implementation that allowed a local, unprivileged user to crash
the system by simultaneously writing to a file and toggling the
O_DIRECT flag using fcntl(F_SETFL) on that file. (CVE-2014-8086,
Moderate)

* It was found that due to excessive files_lock locking, a soft lockup
could be triggered in the Linux kernel when performing asynchronous
I/O operations. A local, unprivileged user could use this flaw to
crash the system. (CVE-2014-8172, Moderate)

* A NULL pointer dereference flaw was found in the way the Linux
kernel's madvise MADV_WILLNEED functionality handled page table
locking. A local, unprivileged user could use this flaw to crash the
system. (CVE-2014-8173, Moderate)

Red Hat would like to thank Eric Windisch of the Docker project for
reporting CVE-2015-0274, and Akira Fujita of NEC for reporting
CVE-2014-7822.

Bug fixes :

* A patch removing the xt_connlimit revision zero ABI was not reverted
in the kernel-rt package, which caused problems because the iptables
package requires this revision. A patch to remove the xt_connlimit
revision 0 was reverted from the kernel-rt sources to allow the
iptables command to execute correctly. (BZ#1169755)

* With an older Mellanox Connect-IB (mlx4) driver present in the MRG
Realtime kernel, a race condition could occur that would cause a loss
of connection. The mlx4 driver was updated, resolving the race
condition and allowing proper connectivity. (BZ#1182246)

* The MRG Realtime kernel did not contain the appropriate code to
resume after a device failed, causing the volume status after a repair
to not be properly updated. A 'refresh needed' was still listed in the
'lvs' output after executing the 'lvchange --refresh' command. A patch
was added that adds the ability to correctly restore a transiently
failed device upon resume. (BZ#1159803)

* The sosreport executable would hang when reading
/proc/net/rpc/use-gss-proxy because of faulty wait_queue logic in the
proc handler. This wait_queue logic was removed from the proc handler,
allowing the reads to correctly return the current state. (BZ#1169900)

Enhancements :

* The MRG Realtime kernel-rt sources have been modified to take
advantage of the updated 3.10 kernel sources that are available with
the Red Hat Enterprise Linux 7 releases. (BZ#1172844)

* The MRG Realtime version of the e1000e driver has been updated to
provide support for the Intel I218-LM network adapter. (BZ#1191767)

* The MRG Realtime kernel was updated to provide support for the
Mellanox Connect-IB (mlx5). (BZ#1171363)

* The rt-firmware package has been updated to provide additional
firmware files required by the new version of the Red Hat Enterprise
MRG 2.5 kernel (BZ#1184251)

All kernel-rt users are advised to upgrade to these updated packages,
which contain backported patches to correct these issues and add these
enhancements. The system must be rebooted for this update to take
effect.

See also :

https://www.redhat.com/security/data/cve/CVE-2014-7822.html
https://www.redhat.com/security/data/cve/CVE-2014-8086.html
https://www.redhat.com/security/data/cve/CVE-2014-8172.html
https://www.redhat.com/security/data/cve/CVE-2014-8173.html
https://www.redhat.com/security/data/cve/CVE-2015-0274.html
http://rhn.redhat.com/errata/RHSA-2015-0694.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.2
(CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 5.3
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Red Hat Local Security Checks

Nessus Plugin ID: 81905 ()

Bugtraq ID:

CVE ID: CVE-2014-7822
CVE-2014-8086
CVE-2014-8172
CVE-2014-8173
CVE-2015-0274

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now