readykernel-patch-30.15-27.0-1.vl7

Kernel Update Version: 3.10.0-514.16.1.vz7.30.15
Release Date: 2022-03-02 08:28:02
  • PSBM-68292

    lseek(SEEK_DATA) and lseek(SEEK_HOLE) returned incorrect results on ext4 in some cases.

    It was discovered that lseek(SEEK_DATA) and lseek(SEEK_HOLE) returned incorrect values on ext4 FS in some cases, causing corruption of QCOW2 disk images used by VMs.
  • PSBM-69018

    Division by zero in dcache_is_low().

  • PSBM-65033

    venet: netdevice structures were not always freed (memory leak).

  • CVE-2017-11600

    Out-of-bounds access via an XFRM_MSG_MIGRATE xfrm Netlink message.

    A vulnerability was found in the handling of xfrm Netlink messages. A privileged user inside a container could cause a denial of service (kernel crash) by sending a crafted Netlink message with type XFRM_MSG_MIGRATE to the kernel.
    http://seclists.org/bugtraq/2017/Jul/30
  • CVE-2017-7541

    Possible heap buffer overflow in brcmf_cfg80211_mgmt_tx().

    Kernel memory corruption due to a buffer overflow was found in the brcmf_cfg80211_mgmt_tx() function in Linux kernels from v3.9-rc1 to v4.13-rc1. The vulnerability can be triggered by sending a crafted NL80211_CMD_FRAME packet via netlink. An unprivileged local user could use this flaw to induce kernel memory corruption on the system, leading to a crash.
    https://bugzilla.redhat.com/show_bug.cgi?id=1473198
  • CVE-2017-7542

    Integer overflow in ip6_find_1stfragopt().

    An integer overflow vulnerability was found in the ip6_find_1stfragopt() function. A local attacker with privileges to open raw sockets can cause an infinite loop inside ip6_find_1stfragopt().
    https://bugzilla.redhat.com/show_bug.cgi?id=1473649
  • PSBM-68472

    Kernel crash when accessing /proc/$PID/map_files.

    A data race was discovered in the implementation of /proc/$PID/map_files. A privileged user on the host could crash the kernel by using mmap and munmap for a file and simultaneously trying to access /proc/$PID/map_files.
  • PSBM-64050

    sctp: potential kernel crash in sctp_wait_for_sndbuf().

    If the sctp module was loaded on the host, a privileged user inside a container could make sctp listen on a socket in an inappropriate state, causing a kernel crash (use-after-free in sctp_wait_for_sndbuf()).
  • PSBM-68362

    Kernel crash due to incorrect skb headroom calculation and missing checks.

    It was found that the kernel could crash (skb_under_panic) if an skb from a virtual (NETIF_F_VENET) device was processed in a particular networking configuration. The problem was caused by an incorrect skb headroom calculation and missing headroom checks.
  • PSBM-67513

    Kernel crash in ploop due to list corruption during parallel push backups.

    A data race was discovered in ploop, which could lead to a kernel crash due to list corruption during parallel push backups.
  • PSBM-68052

    The values shown in /proc/loadavg can be calculated incorrectly in some cases.

    A data race between calc_load_fold_active() and try_to_wake_up() was discovered. As a result of that race, the values shown in /proc/loadavg could be calculated incorrectly in some cases.
  • CVE-2017-11176

    Use-after-free in sys_mq_notify().

    The implementation of the mq_notify system call in the Linux kernel through 4.11.9 does not set the sock pointer to NULL upon entry into the retry logic. During a user-space close of a Netlink socket, it allows attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact.
    https://bugzilla.redhat.com/show_bug.cgi?id=1470659
  • PSBM-64752

    ipv4: deadlock in ip_ra_control().

    A vulnerability was found in the implementation of setsockopt() operations in the Linux kernel. A privileged user inside a container could cause a DoS on the host (kernel deadlock in the ip_ra_control() function) using a specially crafted sequence of system calls.
  • CVE-2017-7477

    net: Heap overflow in skb_to_sgvec in macsec.c.

    Heap-based buffer overflow in drivers/net/macsec.c in the MACsec module in the Linux kernel through 4.10.12 allows attackers to cause a denial of service or possibly have unspecified other impact by leveraging the use of a MAX_SKB_FRAGS+1 size in conjunction with the NETIF_F_FRAGLIST feature, leading to an error in the skb_to_sgvec function.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7477
  • CVE-2017-8797

    NFSv4 server does not properly validate layout type when processing NFSv4 pNFS LAYOUTGET operand.

    The NFSv4 server in the Linux kernel compiled with CONFIG_NFSD_PNFS enabled does not properly validate the layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. The attack payload fits in a single one-way UDP packet. The provided input value is used for array dereferencing. This may lead to a remote DoS of [knfsd] and thus to a soft lockup of the whole system.
    https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-8797
  • PSBM-67263

    Use after free in vxlan_dellink().

    A vulnerability was found in the implementation of vxlan interfaces in the Linux kernel. A privileged user inside a container was able to trigger a use-after-free in the vxlan_dellink() function with a special sequence of operations with vxlan interfaces, which could result in a system crash or could possibly have other unspecified impact.
  • PSBM-67221

    Kernel crash (general protection fault) in cleanup_timers().

    A vulnerability was found in the signal handling in the Linux kernel. A local unprivileged user may cause a kernel crash (general protection fault) in the cleanup_timers() function by using the rt_tgsigqueueinfo() system call with a specially crafted set of arguments.
  • PSBM-67300

    Kernel crash (NULL pointer dereference) in list_lru_destroy().

  • PSBM-67076

    Kernel deadlocks in try_charge().

    When a memcgroup reached its memory limits, the kernel could enter an endless loop in try_charge() and deadlock.