[Ksplice-Fedora-25-updates] New Ksplice updates for Fedora 25 (FEDORA-2017-7462231059)

Oracle Ksplice ksplice-support_ww at oracle.com
Tue May 2 12:47:55 PDT 2017


Synopsis: FEDORA-2017-7462231059 can now be patched using Ksplice
CVEs: CVE-2017-7889 CVE-2017-8064 CVE-2017-8067

Systems running Fedora 25 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2017-7462231059.

INSTALLING THE UPDATES

We recommend that all users of Ksplice Uptrack running Fedora 25
install these updates.

On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.

Alternatively, you can install these updates by running:

# /usr/sbin/uptrack-upgrade -y
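
The check described above, as an added example (not part of the original announcement and not Oracle's code): a shell helper that reads an uptrack.conf and reports whether a host still needs a manual upgrade run. It assumes the file is INI-style with "key = value" lines and "#" or ";" comment lines, that the last uncommented autoinstall line wins, and that key and value are case-insensitive. The function names and sample configs are hypothetical.

```sh
#!/bin/sh
# Added example: decide whether a host needs a manual uptrack-upgrade run.
# Only "autoinstall = yes", /etc/uptrack/uptrack.conf and the upgrade command
# come from the announcement; the parsing rules are assumptions.

# Print the effective autoinstall value: "yes", "no", another value, or "unset".
autoinstall_value() {
    conf=$1
    [ -r "$conf" ] || { echo unset; return 0; }
    awk '
        /^[ \t]*[#;]/ { next }                 # commented-out lines do not count
        {
            n = index($0, "=")
            if (n == 0) next                   # section headers, blank lines
            key = substr($0, 1, n - 1)
            val = substr($0, n + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)   # trim surrounding whitespace
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { print (found == "" ? "unset" : found) }
    ' "$conf"
}

# Return 0 when the operator must run the upgrade by hand.
needs_manual_upgrade() {
    [ "$(autoinstall_value "$1")" != "yes" ]
}

# Constructed sample configs (not taken from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf '[Settings]\n# autoinstall = yes\nautoinstall = no\n' > "$d/manual.conf"
    printf '[Settings]\n  AutoInstall =  yes  \n' > "$d/auto.conf"
    for f in "$d/manual.conf" "$d/auto.conf" "$d/missing.conf"; do
        if needs_manual_upgrade "$f"; then
            echo "$(basename "$f"): run /usr/sbin/uptrack-upgrade -y"
        else
            echo "$(basename "$f"): autoinstall enabled, no action needed"
        fi
    done
    rm -rf "$d"
}

demo
```

A commented-out "# autoinstall = yes" line is the case worth catching: a plain grep for the string would report the host as auto-updating when it is not.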


DESCRIPTION

* Denial-of-service when reserving EFI memory region.

Reserving a runtime memory region can result in corrupted memory
descriptors, causing a kernel panic and denial-of-service.


* Denial-of-service due to race in Intel RDT schemata.

A misplaced lock in the Intel Resource Director schemata code could
allow temporary storage memory to be written out of bounds or
double-freed, potentially causing a denial-of-service.


* Reference leak in iSCSI session shutdown causes denial-of-service.

Incorrect reference logic in iSCSI session shutdown could cause a leak
of a memory record, potentially causing a kernel panic and
denial-of-service.


* Information leak via SCSI driver capability check.

Incorrectly parsing the length of a SCSI capability buffer returned from
an older device could read off the end of the buffer, potentially
leaking kernel information.


* Deadlock in libnvdimm reconfigure when faulting causes denial-of-service.

Incorrect lock logic in libnvdimm could cause a lock order reversal
while handling a memory fault on non-volatile memory, potentially
causing a kernel hang and denial-of-service.


* Sleeping with lock held in libnvdimm reconfig causes denial-of-service.

Incorrect lock logic in libnvdimm reconfigure causes a kernel thread to
sleep while holding a lock, triggering a kernel BUG and a potential
denial-of-service.


* Memory corruption in zram page compression causes denial-of-service.

Incorrectly copying memory from a non-page-aligned boundary in the zram
driver could corrupt kernel memory, causing a kernel panic and
denial-of-service.


* Denial-of-service with asynchronous XTS and LRW cryptography.

Functions in the XTS and LRW cryptography code do not correctly accept
asynchronous completions and free memory that is still in use, causing
memory corruption and a possible denial-of-service.


* CVE-2017-8064: Kernel stack memory access via USB DVD device name.

An erroneous copy of a USB DVD device name to the stack could overflow,
potentially allowing an attacker to manipulate stack memory, causing a
denial-of-service or privilege escalation.


* CVE-2017-7889: Permissions bypass via /dev/mem file.

The mm subsystem does not properly enforce the CONFIG_STRICT_DEVMEM
protection mechanism, which allows local users to read or write to
kernel memory locations via an application that opens the /dev/mem file.


* CVE-2017-8067: Denial-of-service via console driver memory mapping.

An incorrect usage of mapped memory from the stack in the virtio-console
driver could allow an attacker to alter kernel stack memory, causing a
privilege escalation or denial-of-service.


* Remote denial-of-service via overly sized NFS2/3 RPC call.

If an NFS version 2 or 3 client appends extraneous data to its RPC
calls or replies, the server fails to correctly allocate sufficient
memory, potentially causing memory corruption and a denial-of-service.

SUPPORT

Ksplice support is available at ksplice-support_ww at oracle.com.




