[Ksplice-Fedora-25-updates] New Ksplice updates for Fedora 25 (FEDORA-2017-3d1ca4f647)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue Jan 17 01:20:00 PST 2017


Synopsis: FEDORA-2017-3d1ca4f647 can now be patched using Ksplice

Systems running Fedora 25 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-3d1ca4f647.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 25
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
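
The following shell sketch checks which of the two cases above applies to a host. It is an added example, not part of the original announcement or of Ksplice Uptrack itself; the function names are hypothetical, and it assumes only the exact value "yes" enables autoinstall and that the key may appear in any section of the file.

```shell
#!/bin/sh
# Added example (not Oracle's code): decide whether this host will pick up
# the Ksplice updates on its own or needs a manual uptrack-upgrade run.

# Print "yes" if the config file sets autoinstall to "yes", else "no".
# A missing or unreadable file, a missing key, or a commented-out key
# all count as "no", so the caller errs towards upgrading manually.
uptrack_autoinstall() {
    conf="${1:-/etc/uptrack/uptrack.conf}"
    [ -r "$conf" ] || { echo no; return 0; }
    # Match "autoinstall = <value>" with any spacing; lines starting with
    # "#" do not match. Assumption: the last occurrence in the file wins.
    val=$(sed -n \
        's/^[[:space:]]*autoinstall[[:space:]]*=[[:space:]]*\([^[:space:]#;]*\).*$/\1/p' \
        "$conf" | tail -n 1)
    if [ "$val" = "yes" ]; then echo yes; else echo no; fi
}

# Print "automatic" when no action is needed, otherwise print the
# command from the announcement that the administrator should run as root.
uptrack_next_step() {
    if [ "$(uptrack_autoinstall "$1")" = "yes" ]; then
        echo automatic
    else
        echo "/usr/sbin/uptrack-upgrade -y"
    fi
}

# Report for the config file given as the first argument, or the default path.
uptrack_next_step "$1"
```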


DESCRIPTION

* Unprivileged user with access to btrfs can consume all system memory.

An unprivileged user with access to a btrfs volume can cause the system
to allocate unbounded amounts of memory, eventually causing a
denial-of-service.


* Incorrect error checking in btrfs_mark_buffer_dirty causes spurious BUG.

Overzealous error checking in btrfs_mark_buffer_dirty can cause a BUG
and denial-of-service when the system was in fact operating correctly.


* Logic error in btrfs log tree causes deadlock.

Incorrect logic could cause a lock order reversal while traversing nodes
in the btrfs log tree, potentially deadlocking the system and causing a
denial-of-service.


* Invalid memory access in btrfs multi-delete replay.

Incorrect logic when replaying a delete of directory entries could cause
an out-of-bounds access, potentially causing a denial-of-service or
exposing privileged memory.


* Overzealous error checking in btrfs dirty buffer check causes spurious BUG.

When btrfs integrity checking is enabled, it can spuriously trigger a
BUG call when walking a relocation tree extent buffer, causing a
denial-of-service.


* Memory leak due to race condition in btrfs block read.

A race condition between an automatic read-ahead and
a user-initiated read of the same block can leak memory, causing
system performance degradation and an eventual denial-of-service.


* Memory leak in btrfs extent tree walk.

A missing free in the btrfs extent tree do_walk_down function leaks
memory, causing performance degradation and an eventual
denial-of-service.


* Deadlock in btrfs unmount due to incorrect mutex logic.

Incorrect mutex ordering could cause a deadlock and denial-of-service
while unmounting a btrfs volume.


* Bad error checking when dropping btrfs snapshot causes denial-of-service.

Incorrect error checking when dropping a btrfs snapshot could cause a
spurious BUG call in some cases, causing a denial-of-service.


* Permission bypass in close-on-exec file descriptors.

A race condition in setup_new_exec could allow reading a process's file
descriptors via /proc if they were opened with O_CLOEXEC.


* Race condition in generic block device code causes spurious BUG.

An incorrect condition when attempting to exclusively lock a block
device could cause error checking code to erroneously fire, causing a
BUG and denial-of-service.


* Memory corruption with ext4 block size greater than 64k.

Utilizing an ext4 filesystem with block size greater than 64k can cause
memory corruption, potentially causing a denial-of-service.


* Corrupted inode in ext4 leads to integer overflow.

Inodes with negative size can be read by the ext4 filesystem. This can
cause an integer overflow upstream in the vfs layer, which could
potentially be exploited.


* Race condition when completing queued block device transaction causes corruption.

A missing lock in block device request completion could cause the
completion to race with another request being queued, causing corruption
of the queue and a possible denial-of-service.


* Memory corruption in SMB2 client when reacquiring lost locks.

When attempting to reacquire locks lost after a session break, an
incorrectly sized buffer could be used for the lock structure,
corrupting memory and potentially causing a denial-of-service.


* Race condition in driver core glue directory creation causes denial-of-service.

Failing to hold a mutex reference through the full usage of its
associated object when cleaning up the glue directory for a device could
cause the cleanup to race with the creation of another device,
potentially causing memory corruption and a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.


  


