kernel-3.10.0-514.el7

The kernel package contains the Linux kernel (vmlinuz), the core of any
Linux operating system. The kernel handles the basic functions
of the operating system: memory allocation, process allocation, device
input and output, etc.

Security issues fixed with this release:

CVE-2013-4312
The Linux kernel before 4.4.1 allows local users to bypass
file-descriptor limits and cause a denial of service (memory
consumption) by sending each descriptor over a UNIX socket before
closing it, related to net/unix/af_unix.c and net/unix/garbage.c.
CVE-2015-8374
fs/btrfs/inode.c in the Linux kernel before 4.3.3 mishandles
compressed inline extents, which allows local users to obtain
sensitive pre-truncation information from a file via a clone action.
CVE-2015-8543
The networking implementation in the Linux kernel through 4.3.3, as
used in Android and other products, does not validate protocol
identifiers for certain protocol families, which allows local users to
cause a denial of service (NULL function pointer dereference and
system crash) or possibly gain privileges by leveraging CLONE_NEWUSER
support to execute a crafted SOCK_RAW application.
CVE-2015-8746
fs/nfs/nfs4proc.c in the NFS client in the Linux kernel before 4.2.2
does not properly initialize memory for migration recovery operations,
which allows remote NFS servers to cause a denial of service (NULL
pointer dereference and panic) via crafted network traffic.
CVE-2015-8812
drivers/infiniband/hw/cxgb3/iwch_cm.c in the Linux kernel before 4.5
does not properly identify error conditions, which allows remote
attackers to execute arbitrary code or cause a denial of service
(use-after-free) via crafted packets.
CVE-2015-8844
The signal implementation in the Linux kernel before 4.3.5 on powerpc
platforms does not check for an MSR with both the S and T bits set,
which allows local users to cause a denial of service (TM Bad Thing
exception and panic) via a crafted application.
CVE-2015-8845
The tm_reclaim_thread function in arch/powerpc/kernel/process.c in the
Linux kernel before 4.4.1 on powerpc platforms does not ensure that TM
suspend mode exists before proceeding with a tm_reclaim call, which
allows local users to cause a denial of service (TM Bad Thing
exception and panic) via a crafted application.
CVE-2015-8956
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the
Linux kernel before 4.2 allows local users to obtain sensitive
information or cause a denial of service (NULL pointer dereference)
via vectors involving a bind system call on a Bluetooth RFCOMM socket.
CVE-2016-2053
The asn1_ber_decoder function in lib/asn1_decoder.c in the Linux
kernel before 4.3 allows attackers to cause a denial of service
(panic) via an ASN.1 BER file that lacks a public key, leading to
mishandling by the public_key_verify_signature function in
crypto/asymmetric_keys/public_key.c.
CVE-2016-2069
Race condition in arch/x86/mm/tlb.c in the Linux kernel before 4.4.1
allows local users to gain privileges by triggering access to a paging
structure by a different CPU.
CVE-2016-2117
The atl2_probe function in drivers/net/ethernet/atheros/atlx/atl2.c in
the Linux kernel through 4.5.2 incorrectly enables scatter/gather I/O,
which allows remote attackers to obtain sensitive information from
kernel memory by reading packet data.
CVE-2016-2384
Double free vulnerability in the snd_usbmidi_create function in
sound/usb/midi.c in the Linux kernel before 4.5 allows physically
proximate attackers to cause a denial of service (panic) or possibly
have unspecified other impact via vectors involving an invalid USB
descriptor.
CVE-2016-2847
fs/pipe.c in the Linux kernel before 4.5 does not limit the amount of
unread data in pipes, which allows local users to cause a denial of
service (memory consumption) by creating many pipes with non-default
sizes.
CVE-2016-3070
The trace_writeback_dirty_page implementation in
include/trace/events/writeback.h in the Linux kernel before 4.4
improperly interacts with mm/migrate.c, which allows local users to
cause a denial of service (NULL pointer dereference and system crash)
or possibly have unspecified other impact by triggering a certain page
move.
CVE-2016-3156
The IPv4 implementation in the Linux kernel before 4.5.2 mishandles
destruction of device objects, which allows guest OS users to cause a
denial of service (host OS networking outage) by arranging for a large
number of IP addresses.
CVE-2016-3699
The Linux kernel, as used in Red Hat Enterprise Linux 7.2 and Red Hat
Enterprise MRG 2 and when booted with UEFI Secure Boot enabled, allows
local users to bypass intended Secure Boot restrictions and execute
untrusted code by appending ACPI tables to the initrd.
CVE-2016-3841
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options
data, which allows local users to gain privileges or cause a denial of
service (use-after-free and system crash) via a crafted sendmsg system
call.
CVE-2016-4569
The snd_timer_user_params function in sound/core/timer.c in the Linux
kernel through 4.6 does not initialize a certain data structure, which
allows local users to obtain sensitive information from kernel stack
memory via crafted use of the ALSA timer interface.
CVE-2016-4578
sound/core/timer.c in the Linux kernel through 4.6 does not initialize
certain r1 data structures, which allows local users to obtain
sensitive information from kernel stack memory via crafted use of the
ALSA timer interface, related to the (1) snd_timer_user_ccallback and
(2) snd_timer_user_tinterrupt functions.
CVE-2016-4581
fs/pnode.c in the Linux kernel before 4.5.4 does not properly traverse
a mount propagation tree in a certain case involving a slave mount,
which allows local users to cause a denial of service (NULL pointer
dereference and OOPS) via a crafted series of mount system calls.
CVE-2016-4794
Use-after-free vulnerability in mm/percpu.c in the Linux kernel
through 4.6 allows local users to cause a denial of service (BUG) or
possibly have unspecified other impact via crafted use of the mmap and
bpf system calls.
CVE-2016-5412
arch/powerpc/kvm/book3s_hv_rmhandlers.S in the Linux kernel through
4.7 on PowerPC platforms, when CONFIG_KVM_BOOK3S_64_HV is enabled,
allows guest OS users to cause a denial of service (host OS infinite
loop) by making a H_CEDE hypercall during the existence of a suspended
transaction.
CVE-2016-5828
The start_thread function in arch/powerpc/kernel/process.c in the
Linux kernel through 4.6.3 on powerpc platforms mishandles
transactional state, which allows local users to cause a denial of
service (invalid process state or TM Bad Thing exception, and system
crash) or possibly have unspecified other impact by starting and
suspending a transaction before an exec system call.
CVE-2016-5829
Multiple heap-based buffer overflows in the hiddev_ioctl_usage
function in drivers/hid/usbhid/hiddev.c in the Linux kernel through
4.6.3 allow local users to cause a denial of service or possibly have
unspecified other impact via a crafted (1) HIDIOCGUSAGES or (2)
HIDIOCSUSAGES ioctl call.
CVE-2016-6136
Race condition in the audit_log_single_execve_arg function in
kernel/auditsc.c in the Linux kernel through 4.7 allows local users to
bypass intended character-set restrictions or disrupt system-call
auditing by changing a certain string, aka a "double fetch"
vulnerability.
CVE-2016-6198
The filesystem layer in the Linux kernel before 4.5.5 proceeds with
post-rename operations after an OverlayFS file is renamed to a
self-hardlink, which allows local users to cause a denial of service
(system crash) via a rename system call, related to fs/namei.c and
fs/open.c.
CVE-2016-6327
drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel before 4.5.1
allows local users to cause a denial of service (NULL pointer
dereference and system crash) by using an ABORT_TASK command to abort
a device write operation.
CVE-2016-6480
Race condition in the ioctl_send_fib function in
drivers/scsi/aacraid/commctrl.c in the Linux kernel through 4.7 allows
local users to cause a denial of service (out-of-bounds access or
system crash) by changing a certain size value, aka a "double fetch"
vulnerability.

Additional Changes: