Red Hat Security Advisory: kernel-rt security, bug fix, and enhancement update
🔗 CVE IDs covered (36)
📋 Description
CVE-2014-7970 — Kernel: fs: VFS denial of service CVE-2014-7975 — Kernel: fs: umount denial of service CVE-2015-8839 — kernel: ext4 filesystem page fault race condition with fallocate call. CVE-2015-8970 — kernel: crypto: GPF in lrw_crypt caused by null-deref CVE-2016-6213 — kernel: Overflowing kernel mount table using shared bind mount CVE-2016-7042 — kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled CVE-2016-7097 — kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit CVE-2016-8645 — kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c CVE-2016-9576 — kernel: Use after free in SCSI generic device interface CVE-2016-9588 — Kernel: kvm: nVMX: uncaught software exceptions in L1 guest leads to DoS CVE-2016-9604 — kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user CVE-2016-9685 — kernel: Memory leaks in xfs_attr_list.c error paths CVE-2016-9806 — kernel: netlink: double-free in netlink_dump CVE-2016-10088 — kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression) CVE-2016-10147 — kernel: Kernel crash by spawning mcrypt(alg) with incompatible algorithm CVE-2016-10200 — kernel: l2tp: Race condition in the L2TPv3 IP encapsulation feature CVE-2016-10741 — kernel: race condition between direct and memory-mapped I/O in fs/xfs/xfs_aops.c CVE-2017-2584 — Kernel: kvm: use after free in complete_emulated_mmio CVE-2017-2596 — Kernel: kvm: page reference leakage in handle_vmon CVE-2017-2647 — kernel: Null pointer dereference in search_keyring CVE-2017-2671 — kernel: ping socket / AF_LLC connect() sin_family race CVE-2017-5551 — kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix) CVE-2017-5970 — kernel: ipv4: Invalid IP options could cause skb->dst drop CVE-2017-6001 — kernel: Race condition between multiple sys_perf_event_open() calls CVE-2017-6951 — kernel: NULL pointer dereference in keyring_search_aux function CVE-2017-7187 — kernel: scsi: Stack-based buffer overflow in sg_ioctl function CVE-2017-7495 — kernel: ext4: power failure during write(2) causes on-disk information leak CVE-2017-7616 — kernel: Incorrect error handling in the set_mempolicy and mbind compat syscalls in mm/mempolicy.c CVE-2017-7889 — kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism CVE-2017-8797 — kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand CVE-2017-8890 — kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c CVE-2017-9074 — kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option CVE-2017-9075 — kernel: net: sctp_v6_create_accept_sk function mishandles inheritance CVE-2017-9076 — kernel: net: IPv6 DCCP implementation mishandles inheritance CVE-2017-9077 — kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance CVE-2017-9242 — kernel: Incorrect overwrite check in __ip6_append_data()
🔗 References (67)
- selfhttps://access.redhat.com/errata/RHSA-2017:2077
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/7.4_Release_Notes/index.html
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1151095
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1151108
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1323577
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1356471
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1368938
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1373966
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1377840
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1378172
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1386286
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1389215
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1389433
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1393904
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1396941
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1400188
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1401502
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1403145
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1404200
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1404924
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1412210
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1414052
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1417812
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1421638
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1421801
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1421810
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1422825
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1425780
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1426661
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1427626
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1427647
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1427991
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1428353
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1428890
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1428943
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1429610
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1429640
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1429951
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1429977
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1430023
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1430038
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1430074
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1430347
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1430353
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1430926
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1430946
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1431104
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1432118
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1433252
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1434327
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1434616
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1436649
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1438512
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1441088
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1441552
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1444493
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1450972
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1452240
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1452679
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1452688
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1452691
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1452744
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1456388
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1459056
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1466329
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2017/rhsa-2017_2077.json