readykernel-patch-63.3-60.0-1.vl7
- Kernel Update Version:
- 3.10.0-862.9.1.vz7.63.3
- Release Date:
- 2022-03-02 08:28:02
-
PSBM-88082
File systems: insufficient error handling in sget() could lead to excessive memory consumption.
-
PSBM-87859
Kernel bug: scheduling while atomic in scsi_register_device_handler().
-
PSBM-73001
sunrpc: potential kernel crash (use after free) in svc_process_common().
-
PSBM-87665
fuse_kio_pcs: potential kernel crash (NULL pointer dereference) in pcs_map_encode_req().
-
PSBM-87649
Potential out-of-bounds read in fuse_dev_splice_write().
-
PSBM-87670
Attempts to start a container fail with errors like 'cannot create directory /sys/fs/cgroup/beancounter/{something}'.
-
PSBM-87281
'libvirtd' service was unresponsive because 'cgroup_mutex' was held for a long time.
-
PSBM-87858
Haproxy processes are getting stuck in D state in lock_sock().
-
PSBM-87877
Processes could get stuck in an unkillable state when using large FUSE KIO messages.
It was found that rpc_get_hdr() function from 'fuse_kio_pcs' module did not return valid values in 'msg_size' in some cases. As a result, the processes using large FUSE KIO messages could get stuck in an unkillable state. -
PSBM-87338
Containers failed to start due to memory allocation failure in ip_set_net_init().
Kernel module 'ip_set' tried to allocate physically contiguous memory areas for its array of pointers to 'ip_set' structures in ip_set_net_init(). If large enough maximum number of IP sets was requested from the user space, memory allocation would fail. Containers would fail to start as a result. -
CVE-2017-18344
Out-of-bounds access in show_timer() function.
The implementation of timer_create system call in the Linux kernel before 4.14.8 doesn't properly validate the sigevent::sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-18344