[Ksplice-Fedora-27-updates] New Ksplice updates for Fedora 27 (FEDORA-2018-7802740586)
Oracle Ksplice
ksplice-support_ww at oracle.com
Wed Apr 11 12:01:53 PDT 2018
Synopsis: FEDORA-2018-7802740586 can now be patched using Ksplice
CVEs: CVE-2017-5753
Systems running Fedora 27 can now use Ksplice to patch against the
latest Fedora kernel update, FEDORA-2018-7802740586.
INSTALLING THE UPDATES
We recommend that all users of Ksplice Uptrack running Fedora 27
install these updates.
On systems that have "autoinstall = yes" in /etc/uptrack/uptrack.conf,
these updates will be installed automatically and you do not need to
take any action.
Alternatively, you can install these updates by running:
# /usr/sbin/uptrack-upgrade -y
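The following is an added example, not part of the original advisory or of Ksplice itself: a shell check that reports whether a host will install these updates automatically or needs the manual command above. The function names and the UPTRACK_CONF override are hypothetical, and the case-insensitive matching is an assumption of this example.

```shell
#!/bin/sh
# Added example: decide whether a host picks up Ksplice updates by itself.
# The file path and the "autoinstall = yes" setting come from the advisory;
# function names and the UPTRACK_CONF override are hypothetical.

UPTRACK_CONF="${UPTRACK_CONF:-/etc/uptrack/uptrack.conf}"

# Print the effective "autoinstall" value (lowercased), or nothing if unset.
# Comment lines and section headers are skipped; the last assignment wins.
# Returns 1 when the file cannot be read.
autoinstall_value() {
    conf="${1:-$UPTRACK_CONF}"
    [ -r "$conf" ] || return 1
    awk '
        /^[ \t]*[#;]/ { next }      # commented-out settings do not count
        /^[ \t]*\[/   { next }      # section headers
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t\r]+$/, "", key)
            gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            # Assumption: key and value are compared case-insensitively.
            if (tolower(key) == "autoinstall") found = tolower(val)
        }
        END { if (found != "") print found }
    ' "$conf"
}

# Print "automatic" only when autoinstall is "yes" (the value the advisory
# names); a missing file, a missing key, or any other value gives "manual".
update_mode() {
    value=$(autoinstall_value "$1") || value=""
    case "$value" in
        yes) echo automatic ;;
        *)   echo manual ;;
    esac
}
```

A host that reports "manual" needs the uptrack-upgrade command shown above.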
DESCRIPTION
* Denial-of-service in Infiniband MLX5 Shared Receive Queue creation.
A failure to validate user input when creating a SRQ in the MLX5 driver
could lead to an integer overflow. A local user could use this flaw to
cause a denial-of-service.
* Denial-of-service in ALSA loopback open and close.
A race condition in the ALSA driver's loopback code could cause an
invalid memory access, leading to kernel memory corruption or panic.
This could be used to cause a denial-of-service.
* Denial-of-service in Infiniband MLX5 memory region release.
A logic error in the Infiniband MLX5 driver could lead to invalid memory
being accessed and cause memory corruption or a kernel panic. A malicious
user could exploit this to cause a denial-of-service.
* Denial-of-service in ATAPI-relayed SCSI commands.
A missing check in the SCSI ATAPI code could lead to an invalid
memory write and possible memory corruption or kernel panic. A
malicious user could use this to cause a denial-of-service.
* Invalid rule checking for threaded modes in cgroup.
A logic mistake in the cgroup code could allow a domain cgroup
to become threaded when it shouldn't be.
* Denial-of-service in NFS server when clients leave.
A failure to properly remove lock owners on client teardown in the nfsd
code could lead to kernel panics. This could be exploited by a client
to cause a denial-of-service.
* Denial-of-service in remap_file_pages with hugetlbfs.
A failure to verify passed-in values in the hugetlb code could lead
to an integer overflow and subsequent kernel BUG. An attacker
could exploit this to cause a denial-of-service.
* Denial-of-service with USB displaylink video adapter framebuffers mmap.
A missing check in the USB displaylink video adapter code could allow
some invalid numbers to be passed into the framebuffer mmap. This could
be used to cause a denial-of-service.
* Denial-of-service when flushing dirty cgroup pages.
A failure to properly wake up threads when flushing pages used by
cgroups could lead to a memory leak and subsequent OOM. This could
be used to cause a denial-of-service.
* Denial-of-service in NCP filesystem server during mmap.
A failure to verify bounds in the NCP filesystem on the server side
could lead to memory corruption and a kernel panic. This could be
exploited to cause a denial-of-service.
* Improved fix for CVE-2017-5753: Speculative execution in posix timers.
The posix timers clock array is vulnerable to a Spectre variant 1
side-channel attack. An attacker could exploit this flaw to read
arbitrary memory.
SUPPORT
Ksplice support is available at ksplice-support_ww at oracle.com.