RHSA-2017:2669HighCVSS 8.6

Red Hat Security Advisory: kernel-rt security and bug fix update

Published
September 6, 2017
Last Modified
June 30, 2026

🔗 CVE IDs covered (25)

📋 Description

CVE-2015-8839 — kernel: ext4 filesystem page fault race condition with fallocate call. CVE-2016-7042 — kernel: Stack corruption while reading /proc/keys when gcc stack protector is enabled CVE-2016-7097 — kernel: Setting a POSIX ACL via setxattr doesn't clear the setgid bit CVE-2016-8645 — kernel: a BUG() statement can be hit in net/ipv4/tcp_input.c CVE-2016-9576 — kernel: Use after free in SCSI generic device interface CVE-2016-9604 — kernel: security: The built-in keyrings for security tokens can be joined as a session and then modified by the root user CVE-2016-9685 — kernel: Memory leaks in xfs_attr_list.c error paths CVE-2016-9806 — kernel: netlink: double-free in netlink_dump CVE-2016-10088 — kernel: Use after free in SCSI generic device interface (CVE-2016-9576 regression) CVE-2016-10741 — kernel: race condition between direct and memory-mapped I/O in fs/xfs/xfs_aops.c CVE-2017-2671 — kernel: ping socket / AF_LLC connect() sin_family race CVE-2017-5551 — kernel: S_ISGD is not cleared when setting posix ACLs in tmpfs (CVE-2016-7097 incomplete fix) CVE-2017-5970 — kernel: ipv4: Invalid IP options could cause skb->dst drop CVE-2017-6001 — kernel: Race condition between multiple sys_perf_event_open() calls CVE-2017-6951 — kernel: NULL pointer dereference in keyring_search_aux function CVE-2017-7187 — kernel: scsi: Stack-based buffer overflow in sg_ioctl function CVE-2017-7495 — kernel: ext4: power failure during write(2) causes on-disk information leak CVE-2017-7533 — kernel: a race between inotify_handle_event() and sys_rename() CVE-2017-7889 — kernel: mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM protection mechanism CVE-2017-8797 — kernel: NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand CVE-2017-8890 — kernel: Double free in the inet_csk_clone_lock function in net/ipv4/inet_connection_sock.c CVE-2017-9074 — kernel: net: IPv6 fragmentation implementation of nexthdr field may be associated with an invalid option CVE-2017-9075 — kernel: net: sctp_v6_create_accept_sk function mishandles inheritance CVE-2017-9076 — kernel: net: IPv6 DCCP implementation mishandles inheritance CVE-2017-9077 — kernel: net: tcp_v6_syn_recv_sock function mishandles inheritance

🔗 References (27)