-
CVE-2018-14634
Integer overflow in create_elf_tables() function.
An integer overflow flaw was found in create_elf_tables(). An unprivileged local user with access to SUID (or otherwise privileged) binary could use this flaw to escalate their privileges on the system.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14634
-
CVE-2017-1000365
Bypass of the size restriction on the arguments and environment variables of a process.
The Linux kernel imposes a size limit on the memory needed to store the arguments and environment variables of a process, 1/4 of the maximum stack size (RLIMIT_STACK). However, the pointers to these data were not taken into account, which allowed attackers to bypass the limit and even exhaust the stack of the process.
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-1000365
-
PSBM-88818
Kernel crash in __run_hrtimer().
It was found that the implementation of high resolution timers ('hrtimer' subsystem) did not handle the situation when a timer was started simultaneously with its restart in another thread. As a result, a BUG_ON() could trigger in __run_hrtimer() leading to kernel crash.
-
PSBM-88577
Soft lockup in xfrm_policy_flush().
If an error occurred during execution of xfrm_net_init() when a new network namespace was created, xfrm_policy_lock could remain uninitialized. As a result, soft lockup could happen in xfrm_policy_flush() if it tried to acquire the lock after that.
-
PSBM-88561
ploop: kernel crash in dio_open().
It was found that the implementation of ploop did not handle errors reported by kthread_create() properly. This could lead to a kernel crash in dio_open().
-
PSBM-87836
Containers with NFS mounts failed to migrate: CRIU complained about nfs/clntX files.
It was discovered that a container with NFS mounts could keep the files /var/lib/nfs/rpc_pipefs/nfs/clntX open, even if no NFS server was running there. As a result, CRIU reported errors when the users tried to migrate the container.
-
PSBM-88082
File systems: insufficient error handling in sget() could lead to excessive memory consumption.
-
PSBM-87859
Kernel bug: scheduling while atomic in scsi_register_device_handler().
-
PSBM-73001
sunrpc: potential kernel crash (use after free) in svc_process_common().
-
PSBM-87665
fuse_kio_pcs: potential kernel crash (NULL pointer dereference) in pcs_map_encode_req().
-
PSBM-87649
Potential out-of-bounds read in fuse_dev_splice_write().
-
PSBM-87670
Attempts to start a container fail with errors like 'cannot create directory /sys/fs/cgroup/beancounter/{something}'.
-
PSBM-87281
'libvirtd' service was unresponsive because 'cgroup_mutex' was held for a long time.
-
PSBM-87858
Haproxy processes are getting stuck in D state in lock_sock().
-
PSBM-87877
Processes could get stuck in an unkillable state when using large FUSE KIO messages.
It was found that rpc_get_hdr() function from 'fuse_kio_pcs' module did not return valid values in 'msg_size' in some cases. As a result, the processes using large FUSE KIO messages could get stuck in an unkillable state.
-
PSBM-87338
Containers failed to start due to memory allocation failure in ip_set_net_init().
Kernel module 'ip_set' tried to allocate physically contiguous memory areas for its array of pointers to 'ip_set' structures in ip_set_net_init(). If large enough maximum number of IP sets was requested from the user space, memory allocation would fail. Containers would fail to start as a result.
-
CVE-2017-18344
Out-of-bounds access in show_timer() function.
The implementation of timer_create system call in the Linux kernel before 4.14.8 doesn't properly validate the sigevent::sigev_notify field, which leads to out-of-bounds access in the show_timer function (called when /proc/$PID/timers is read). This allows userspace applications to read arbitrary kernel memory (on a kernel built with CONFIG_POSIX_TIMERS and CONFIG_CHECKPOINT_RESTORE).
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-18344
