RHEL 7 : kernel-rt (RHSA-2016:1051)

high Nessus Plugin ID 91116
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

An update for kernel-rt is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux operating system.

The following packages have been upgraded to a newer upstream version:
kernel-rt (3.10.0-327.18.2). This version provides a number of bug fixes and enhancements, including :

* [scsi] bnx2fc: Fix FCP RSP residual parsing and remove explicit logouts

* [scsi] mpt3sas: Fix for Asynchronous completion of timedout IO and task abort of timedout IO

* [scsi] scsi_error: should not get sense for timeout IO in scsi error handler

* [scsi] Revert libiscsi: Reduce locking contention in fast path

* [mm] madvise: fix MADV_WILLNEED on shmem swapouts

* [cpufreq] intel_pstate: decrease number of 'HWP enabled' messages and enable HWP per CPU

* [kernel] sched: Robustify topology setup

* [kernel] sched/fair: Disable tg load_avg/runnable_avg update for root_task_group

* [kernel] sched/fair: Move hot load_avg/runnable_avg into separate cacheline

* [ib] mlx5: Fix RC transport send queue overhead computation

* [fs] nfsd: fix clp->cl_revoked list deletion causing softlock in nfsd

* [fs] ceph: multiple updates

(BZ#1322033)

Security Fix(es) :

* A flaw was found in the way the Linux kernel's ASN.1 DER decoder processed certain certificate files with tags of indefinite length. A local, unprivileged user could use a specially crafted X.509 certificate DER file to crash the system or, potentially, escalate their privileges on the system. (CVE-2016-0758, Important)

Red Hat would like to thank Philip Pettersson of Samsung for reporting this issue.

Bug Fix(es) :

* The hotplug lock and the console semaphore could be acquired in an incorrect order, which could previously lead to a deadlock causing the system console to freeze. The underlying code has been adjusted to acquire the locks in the correct order, resolving the bug with the console. (BZ# 1324767)

Solution

Update the affected packages.

See Also

https://access.redhat.com/errata/RHSA-2016:1051

https://access.redhat.com/security/cve/cve-2016-0758

Plugin Details

Severity: High

ID: 91116

File Name: redhat-RHSA-2016-1051.nasl

Version: 2.12

Type: local

Agent: unix

Published: 5/13/2016

Updated: 10/24/2019

Dependencies: ssh_get_info.nasl, linux_alt_patch_detect.nasl

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:kernel-rt, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debug-kvm-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-debuginfo-common-x86_64, p-cpe:/a:redhat:enterprise_linux:kernel-rt-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-doc, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-kvm-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-debuginfo, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-devel, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm, p-cpe:/a:redhat:enterprise_linux:kernel-rt-trace-kvm-debuginfo, cpe:/o:redhat:enterprise_linux:7

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 5/12/2016

Vulnerability Publication Date: 6/27/2016

Reference Information

CVE: CVE-2016-0758

RHSA: 2016:1051