-
PSBM-79502
Kernel warnings about memory allocation failures in vznetstat.
Kernel warnings about memory allocation failures in vznetstat.
-
PSBM-79273
Soft lockup in isolate_lru_page().
Migrating large memory ranges may take a while. With no resched points available, it caused soft lockups in isolate_lru_page().
-
CVE-2017-15115
Use-after-free in sctp_cmp_addr_exact().
sctp_do_peeloff() function in the Linux kernel before 4.14 did not check whether the intended netns was used in a peel-off action, which allowed local users to cause a denial of service (use-after-free in sctp_cmp_addr_exact() resulting in system crash) or possibly have unspecified other impact via crafted system calls.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-15115
-
PSBM-78078
Containers failed to restart because their VEIP addresses were not released.
The kernel could consider a container stopped before the resources of that container, for example, VEIP addresses, have been released. As a result, the system could fail to restart the container.
-
PSBM-78342
FUSE: kernel warning in request_end().
A warning about FR_PENDING bit was printed by request_end() because fuse_request_send_background() did not clear that bit.
-
PSBM-78904
Potential use-after-free in the processing of namespaces.
Potential use-after-free in the processing of namespaces.
-
PSBM-78354
tcache: kernel warning in tcache_invalidate_node_pages().
When there were more than two users of a page, __tcache_page_tree_delete() failed to freeze it. The page would never be invalidated and tcache_node->nr_pages would never be decremented. A kernel warning would be output as a result.
-
PSBM-77154
tcache: unnecessary BUG_ON()s.
Many of the issues that BUG_ON()s were supposed to catch in tcache were not serious enough to crash the kernel. A warning will now be output in such cases instead.
-
CVE-2017-1000407
KVM: DoS via write flood to I/O port 0x80.
A vulnerability was found in the kernel virtualization module (KVM) for the Intel processors. A guest system could flood the I/O port 0x80 with write requests, which could crash the host kernel, resulting in DoS.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-1000407
-
CVE-2017-8824
Use-after-free in DCCP socket handling.
A vulnerability was found in DCCP socket handling code. dccp_disconnect() set the socket state to DCCP_CLOSED but did not properly free some of the resources associated with that socket. This could result in a use-after-free and could potentially allow an attacker to escalate their privileges.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-8824
-
CVE-2017-1000405
PMD can become dirty without going through a COW cycle.
A flaw was found in the patches used to fix the 'Dirty COW' vulnerability (CVE-2016-5195). An attacker, able to run local code, can exploit a race condition in transparent huge pages to modify usually read-only huge pages.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-1000405
-
CVE-2017-16939
ipsec: xfrm: use-after-free leading to potential privilege escalation.
The Linux kernel is vulnerable to a use-after-free issue. It could occur while closing a xfrm netlink socket, in xfrm_dump_policy_done. A user/process could use this flaw to potentially escalate their privileges on a system.
https://bugzilla.redhat.com/show_bug.cgi?id=1517220
-
PSBM-77949
Vstorage service hung in wait_iff_congested().
Vstorage service hung in wait_iff_congested() in some cases. The problem was twofold. First, excessive COMMIT operations made by releasepage() in NFS resulted in performance degradation. Second, the non-optimal implementation of splice() operation in FUSE decreased performance as well.