- Kernel Update Version:
- Release Date:
- 2019-03-20 10:08:02
Haproxy processes are getting stuck in D state in lock_sock().
Processes could get stuck in an unkillable state when using large FUSE KIO messages.It was found that rpc_get_hdr() function from 'fuse_kio_pcs' module did not return valid values in 'msg_size' in some cases. As a result, the processes using large FUSE KIO messages could get stuck in an unkillable state.
Containers failed to start due to memory allocation failure in ip_set_net_init().Kernel module 'ip_set' tried to allocate physically contiguous memory areas for its array of pointers to 'ip_set' structures in ip_set_net_init(). If large enough maximum number of IP sets was requested from the user space, memory allocation would fail. Containers would fail to start as a result.
Out-of-bounds access in show_timer() function.The implementation of timer_create system call in the Linux kernel before 4.14.8 doesn't properly validate the sigevent::sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-18344