exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Red Hat Security Advisory 2017-1615-01

Red Hat Security Advisory 2017-1615-01
Posted Jun 28, 2017
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2017-1615-01 - The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: A flaw was found in the way Linux kernel allocates heap memory to build the scattergather list from a fragment list->frag_list) in the socket buffer. The heap overflow occurred if 'MAX_SKB_FRAGS + 1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A remote user or process could use this flaw to potentially escalate their privilege on a system.

tags | advisory, remote, overflow, kernel
systems | linux, redhat
advisories | CVE-2017-2583, CVE-2017-6214, CVE-2017-7477, CVE-2017-7645, CVE-2017-7895
SHA-256 | f1988095293b1d64049e46bd41403517aff425f5b6ac9160c3403479e585fd90

Red Hat Security Advisory 2017-1615-01

Change Mirror Download
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

=====================================================================
Red Hat Security Advisory

Synopsis: Important: kernel security and bug fix update
Advisory ID: RHSA-2017:1615-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2017:1615
Issue date: 2017-06-28
CVE Names: CVE-2017-2583 CVE-2017-6214 CVE-2017-7477
CVE-2017-7645 CVE-2017-7895
=====================================================================

1. Summary:

An update for kernel is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Client Optional (v. 7) - x86_64
Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64
Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional (v. 7) - noarch, ppc64, ppc64le, x86_64
Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64

3. Description:

The kernel packages contain the Linux kernel, the core of any Linux
operating system.

Security Fix(es):

* A flaw was found in the way Linux kernel allocates heap memory to build
the scattergather list from a fragment list(skb_shinfo(skb)->frag_list) in
the socket buffer(skb_buff). The heap overflow occurred if 'MAX_SKB_FRAGS +
1' parameter and 'NETIF_F_FRAGLIST' feature were used together. A
remote user or process could use this flaw to potentially escalate their
privilege on a system. (CVE-2017-7477, Important)

* The NFS2/3 RPC client could send long arguments to the NFS server. These
encoded arguments are stored in an array of memory pages, and accessed
using pointer variables. Arbitrarily long arguments could make these
pointers point outside the array and cause an out-of-bounds memory access.
A remote user or program could use this flaw to crash the kernel (denial of
service). (CVE-2017-7645, Important)

* The NFSv2 and NFSv3 server implementations in the Linux kernel through
4.10.13 lacked certain checks for the end of a buffer. A remote attacker
could trigger a pointer-arithmetic error or possibly cause other
unspecified impacts using crafted requests related to fs/nfsd/nfs3xdr.c and
fs/nfsd/nfsxdr.c. (CVE-2017-7895, Important)

* The Linux kernel built with the Kernel-based Virtual Machine (CONFIG_KVM)
support was vulnerable to an incorrect segment selector(SS) value error.
The error could occur while loading values into the SS register in long
mode. A user or process inside a guest could use this flaw to crash the
guest, resulting in DoS or potentially escalate their privileges inside the
guest. (CVE-2017-2583, Moderate)

* A flaw was found in the Linux kernel's handling of packets with the URG
flag. Applications using the splice() and tcp_splice_read() functionality
could allow a remote attacker to force the kernel to enter a condition in
which it could loop indefinitely. (CVE-2017-6214, Moderate)

Red Hat would like to thank Ari Kauppi for reporting CVE-2017-7895 and
Xiaohan Zhang (Huawei Inc.) for reporting CVE-2017-2583.

Bug Fix(es):

* Previously, the reserved-pages counter (HugePages_Rsvd) was bigger than
the total-pages counter (HugePages_Total) in the /proc/meminfo file, and
HugePages_Rsvd underflowed. With this update, the HugeTLB feature of the
Linux kernel has been fixed, and HugePages_Rsvd underflow no longer occurs.
(BZ#1445184)

* If a directory on a NFS client was modified while being listed, the NFS
client could restart the directory listing multiple times. Consequently,
the performance of listing the directory was sub-optimal. With this update,
the restarting of the directory listing happens less frequently. As a
result, the performance of listing the directory while it is being modified
has improved. (BZ#1450851)

* The Fibre Channel over Ethernet (FCoE) adapter in some cases failed to
reboot. This update fixes the qla2xxx driver, and FCoE adapter now reboots
as expected. (BZ#1446246)

* When a VM with Virtual Function I/O (VFIO) device was rebooted, the QEMU
process occasionally terminated unexpectedly due to a failed VFIO Direct
Memory Access (DMA) map request. This update fixes the vfio driver and QEMU
no longer crashes in the described situation. (BZ#1450855)

* When the operating system was booted with the in-box lpfc driver, a
kernel panic occurred on the little-endian variant of IBM Power Systems.
This update fixes lpfc, and the kernel no longer panics in the described
situation. (BZ#1452044)

* When creating or destroying a VM with Virtual Function I/O (VFIO) devices
with "Hugepages" feature enabled, errors in Direct Memory Access (DMA) page
table entry (PTE) mappings occurred, and QEMU memory usage behaved
unpredictably. This update fixes range computation when making room for
large pages in Input/Output Memory Management Unit (IOMMU). As a result,
errors in DMA PTE mappings no longer occur, and QEMU has a predictable
memory usage in the described situation. (BZ#1450856)

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

The system must be rebooted for this update to take effect.

5. Bugs fixed (https://bugzilla.redhat.com/):

1414735 - CVE-2017-2583 Kernel: Kvm: vmx/svm potential privilege escalation inside guest
1426542 - CVE-2017-6214 kernel: ipv4/tcp: Infinite loop in tcp_splice_read()
1443615 - CVE-2017-7645 kernel: nfsd: Incorrect handling of long RPC replies
1445207 - CVE-2017-7477 kernel: net: Heap overflow in skb_to_sgvec in macsec.c
1446103 - CVE-2017-7895 kernel: NFSv3 server does not properly handle payload bounds checking of WRITE requests

6. Package List:

Red Hat Enterprise Linux Client (v. 7):

Source:
kernel-3.10.0-514.26.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.26.1.el7.noarch.rpm
kernel-doc-3.10.0-514.26.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.26.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.26.1.el7.x86_64.rpm
perf-3.10.0-514.26.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
python-perf-3.10.0-514.26.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm

Red Hat Enterprise Linux Client Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.26.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode (v. 7):

Source:
kernel-3.10.0-514.26.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.26.1.el7.noarch.rpm
kernel-doc-3.10.0-514.26.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.26.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.26.1.el7.x86_64.rpm
perf-3.10.0-514.26.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
python-perf-3.10.0-514.26.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm

Red Hat Enterprise Linux ComputeNode Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.26.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server (v. 7):

Source:
kernel-3.10.0-514.26.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.26.1.el7.noarch.rpm
kernel-doc-3.10.0-514.26.1.el7.noarch.rpm

ppc64:
kernel-3.10.0-514.26.1.el7.ppc64.rpm
kernel-bootwrapper-3.10.0-514.26.1.el7.ppc64.rpm
kernel-debug-3.10.0-514.26.1.el7.ppc64.rpm
kernel-debug-debuginfo-3.10.0-514.26.1.el7.ppc64.rpm
kernel-debug-devel-3.10.0-514.26.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.26.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.26.1.el7.ppc64.rpm
kernel-devel-3.10.0-514.26.1.el7.ppc64.rpm
kernel-headers-3.10.0-514.26.1.el7.ppc64.rpm
kernel-tools-3.10.0-514.26.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.26.1.el7.ppc64.rpm
kernel-tools-libs-3.10.0-514.26.1.el7.ppc64.rpm
perf-3.10.0-514.26.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.26.1.el7.ppc64.rpm
python-perf-3.10.0-514.26.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.26.1.el7.ppc64.rpm

ppc64le:
kernel-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-bootwrapper-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-debug-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-debug-debuginfo-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-devel-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-headers-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-tools-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-tools-libs-3.10.0-514.26.1.el7.ppc64le.rpm
perf-3.10.0-514.26.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.26.1.el7.ppc64le.rpm
python-perf-3.10.0-514.26.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.26.1.el7.ppc64le.rpm

s390x:
kernel-3.10.0-514.26.1.el7.s390x.rpm
kernel-debug-3.10.0-514.26.1.el7.s390x.rpm
kernel-debug-debuginfo-3.10.0-514.26.1.el7.s390x.rpm
kernel-debug-devel-3.10.0-514.26.1.el7.s390x.rpm
kernel-debuginfo-3.10.0-514.26.1.el7.s390x.rpm
kernel-debuginfo-common-s390x-3.10.0-514.26.1.el7.s390x.rpm
kernel-devel-3.10.0-514.26.1.el7.s390x.rpm
kernel-headers-3.10.0-514.26.1.el7.s390x.rpm
kernel-kdump-3.10.0-514.26.1.el7.s390x.rpm
kernel-kdump-debuginfo-3.10.0-514.26.1.el7.s390x.rpm
kernel-kdump-devel-3.10.0-514.26.1.el7.s390x.rpm
perf-3.10.0-514.26.1.el7.s390x.rpm
perf-debuginfo-3.10.0-514.26.1.el7.s390x.rpm
python-perf-3.10.0-514.26.1.el7.s390x.rpm
python-perf-debuginfo-3.10.0-514.26.1.el7.s390x.rpm

x86_64:
kernel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.26.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.26.1.el7.x86_64.rpm
perf-3.10.0-514.26.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
python-perf-3.10.0-514.26.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm

Red Hat Enterprise Linux Server Optional (v. 7):

noarch:
kernel-doc-3.10.0-514.26.1.el7.noarch.rpm

ppc64:
kernel-debug-debuginfo-3.10.0-514.26.1.el7.ppc64.rpm
kernel-debuginfo-3.10.0-514.26.1.el7.ppc64.rpm
kernel-debuginfo-common-ppc64-3.10.0-514.26.1.el7.ppc64.rpm
kernel-tools-debuginfo-3.10.0-514.26.1.el7.ppc64.rpm
kernel-tools-libs-devel-3.10.0-514.26.1.el7.ppc64.rpm
perf-debuginfo-3.10.0-514.26.1.el7.ppc64.rpm
python-perf-debuginfo-3.10.0-514.26.1.el7.ppc64.rpm

ppc64le:
kernel-debug-debuginfo-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-debug-devel-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-debuginfo-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-debuginfo-common-ppc64le-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-tools-debuginfo-3.10.0-514.26.1.el7.ppc64le.rpm
kernel-tools-libs-devel-3.10.0-514.26.1.el7.ppc64le.rpm
perf-debuginfo-3.10.0-514.26.1.el7.ppc64le.rpm
python-perf-debuginfo-3.10.0-514.26.1.el7.ppc64le.rpm

x86_64:
kernel-debug-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.26.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation (v. 7):

Source:
kernel-3.10.0-514.26.1.el7.src.rpm

noarch:
kernel-abi-whitelists-3.10.0-514.26.1.el7.noarch.rpm
kernel-doc-3.10.0-514.26.1.el7.noarch.rpm

x86_64:
kernel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debug-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debug-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debug-devel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.26.1.el7.x86_64.rpm
kernel-devel-3.10.0-514.26.1.el7.x86_64.rpm
kernel-headers-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-libs-3.10.0-514.26.1.el7.x86_64.rpm
perf-3.10.0-514.26.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
python-perf-3.10.0-514.26.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm

Red Hat Enterprise Linux Workstation Optional (v. 7):

x86_64:
kernel-debug-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-debuginfo-common-x86_64-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
kernel-tools-libs-devel-3.10.0-514.26.1.el7.x86_64.rpm
perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm
python-perf-debuginfo-3.10.0-514.26.1.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2017-2583
https://access.redhat.com/security/cve/CVE-2017-6214
https://access.redhat.com/security/cve/CVE-2017-7477
https://access.redhat.com/security/cve/CVE-2017-7645
https://access.redhat.com/security/cve/CVE-2017-7895
https://access.redhat.com/security/updates/classification/#important

https://access.redhat.com/articles/3090941.

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2017 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iD8DBQFZU/jWXlSAg2UNWIIRAr2tAKCNLfAoYb4N6aC4Ku6JOiP/yO9YVQCgoj0+
EY56W3xvQDrvUk2IIHHZzi4=
=ObbT
-----END PGP SIGNATURE-----

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://www.redhat.com/mailman/listinfo/rhsa-announce
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close