[Ksplice-Fedora-25-updates] New Ksplice updates for Fedora 25 (FEDORA-2017-81fbd592d4)

Oracle Ksplice ksplice-support_ww at oracle.com
Wed Feb 1 10:49:09 PST 2017


Synopsis: FEDORA-2017-81fbd592d4 can now be patched using Ksplice
CVEs: CVE-2016-7097

Systems running Fedora 25 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-81fbd592d4.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 25
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
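
As an added example (not part of Oracle's announcement or of Ksplice itself), the shell functions below report whether a host falls under the automatic case described above or needs the manual command. They assume uptrack.conf is an INI-style file with "key = value" lines and "#" or ";" comment lines, that only the value "yes" enables autoinstall, and that the last uncommented occurrence wins; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: uptrack.conf is INI-style ("key = value" lines,
# comment lines starting with "#" or ";"). Function names are hypothetical.

# Print the effective "autoinstall" value (lower-cased) from a config file.
# Prints nothing when the key is absent or only appears commented out.
uptrack_autoinstall_value() {
    awk '
        /^[ \t]*[#;]/ { next }            # a commented-out setting does not count
        {
            eq = index($0, "=")
            if (eq == 0) next             # section headers, blank lines
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            # Assumption: the last uncommented occurrence wins.
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { if (found != "") print found }
    ' "$1"
}

# Exit status 0 when the host needs a manual uptrack-upgrade run.
# A missing or unreadable config is treated as "not automatic".
needs_manual_upgrade() {
    conf=${1:-/etc/uptrack/uptrack.conf}
    [ -r "$conf" ] || return 0
    [ "$(uptrack_autoinstall_value "$conf")" != "yes" ]
}

# Print a one-line verdict suitable for a fleet inventory report.
uptrack_action() {
    if needs_manual_upgrade "$1"; then
        echo "manual: run /usr/sbin/uptrack-upgrade -y"
    else
        echo "automatic: autoinstall = yes"
    fi
}
```

Calling uptrack_action with no argument checks /etc/uptrack/uptrack.conf on the local host.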


DESCRIPTION

* Memory leak in InfiniBand cache setup.

The core InfiniBand cache does not correctly release memory when an error is
encountered which can lead to a kernel memory leak.


* Denial of service with many VFs on Mellanox devices.

Enabling many VFs on a Mellanox InfiniBand device can trigger large memory
pressure which can lead to a system hang and cause data loss.


* Improved fix for CVE-2016-7097: Permission bypass in Overlay filesystem when setting POSIX ACLs.

The initial fix for CVE-2016-7097 did not handle overlay filesystems on tmpfs
mounts which could allow local, unprivileged users to escalate privileges.


* Memory leak in SunRPC GSSAPI teardown.

A logic error when handling GSS_PROC_DESTROY messages can allow a remote user
to cause a kernel memory leak when establishing a connection to the kernel NFS
daemon.


* Memory leak in persistent memory namespaces.

The kernel persistent memory block device subsystem does not allow namespaces
to be removed when no longer needed, leading to a kernel memory leak.


* Kernel panic when creating Mellanox InfiniBand Shared Receive Queues.

A logic error when creating a Shared Receive Queue for Mellanox InfiniBand
devices can cause an invalid index to be computed, which can trigger a denial of
service.


* Kernel panic when destroying Mellanox 4 queue pairs.

A logic error when destroying Mellanox InfiniBand queue pairs can trigger an
out-of-bounds read and subsequent kernel panic.


* Use after free when aborting FUSE connection.

A race condition when aborting a FUSE connection can trigger a use after free
and kernel panic. A local, privileged user can trigger this issue to cause a
denial of service.


* Kernel panic in ATUSB IEEE 802.15.4 transceiver.

The kernel IEEE 802.15.4 driver for ATUSB devices incorrectly DMAs memory which
can trigger memory corruption and a kernel panic.


* Kernel panic in Corsair HID device driver.

The Corsair HID driver incorrectly DMAs memory which can trigger memory
corruption and a kernel panic.


* Kernel panic when probing QLogic Fibre Channel devices.

The kernel QLogic QLA2XXX device driver does not handle NULL pointers correctly
which can trigger a kernel panic.


* Kernel panic in SunRPC RDMA transport.

The RDMA transport for SunRPC messages does not correctly free resources on
errors which can cause memory to be released multiple times causing a kernel
panic.


* Use after free in Gennum GS1662 device shutdown.

The kernel Gennum device driver incorrectly frees memory on device shutdown
which can trigger a use-after-free condition and kernel panic.


* Memory corruption in InfiniBand RoCE support.

A large structure is allocated when rolling back an InfiniBand operation, which
can trigger a stack buffer overflow and kernel memory corruption.


* Memory corruption in cephfs cryptographic operations.

The ceph filesystem incorrectly allocates data on the stack which can trigger
kernel memory corruption when performing DMA cryptographic operations.


* Deadlock when changing cephfs capabilities.

Incorrect locking when changing cephfs capabilities can trigger a deadlock and
kernel panic.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




