kernel-3.10.0-693.17.1.el7

エラータID: AXSA:2018-2578:02

Release date: 
Saturday, February 10, 2018 - 08:16
Subject: 
kernel-3.10.0-693.17.1.el7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fix(es):

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions (a commonly used performance optimization). There are three primary variants of the issue which differ in the way the speculative execution can be exploited.

Note: This issue is present in hardware and cannot be fully fixed via software update. The updated kernel packages provide software mitigation for this hardware issue at a cost of potential performance penalty. Please refer to References section for further information about this issue and the performance impact.

In this update initial mitigations for IBM Power (PowerPC) and IBM zSeries (S390) architectures are provided.

* Variant CVE-2017-5715 triggers the speculative execution by utilizing branch target injection. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall and guest/host boundaries and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 processors. (CVE-2017-5715, Important)

* Variant CVE-2017-5753 triggers the speculative execution by performing a bounds-check bypass. It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory accesses may cause allocation into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to cross the syscall boundary and read privileged memory by conducting targeted cache side-channel attacks. This fix specifically addresses S390 and PowerPC processors. (CVE-2017-5753, Important)

* Variant CVE-2017-5754 relies on the fact that, on impacted microprocessors, during speculative execution of instruction permission faults, exception generation triggered by a faulting access is suppressed until the retirement of the whole instruction block. In a combination with the fact that memory accesses may populate the cache even when the block is being dropped and never committed (executed), an unprivileged local attacker could use this flaw to read privileged (kernel space) memory by conducting targeted cache side-channel attacks. Note: CVE-2017-5754 affects Intel x86-64 microprocessors. AMD x86-64 microprocessors are not affected by this issue. This fix specifically addresses PowerPC processors. (CVE-2017-5754, Important)

Asianux would like to thank Google Project Zero for reporting CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754.

This update also fixes the following security issues and bugs:

CVE-2015-8539
The KEYS subsystem in the Linux kernel before 4.4 allows local users
to gain privileges or cause a denial of service (BUG) via crafted
keyctl commands that negatively instantiate a key, related to
security/keys/encrypted-keys/encrypted.c, security/keys/trusted.c, and
security/keys/user_defined.c.
CVE-2017-12192
The keyctl_read_key function in security/keys/keyctl.c in the Key
Management subcomponent in the Linux kernel before 4.13.5 does not
properly consider that a key may be possessed but negatively
instantiated, which allows local users to cause a denial of service
(OOPS and system crash) via a crafted KEYCTL_READ operation.
CVE-2017-12193
The assoc_array_insert_into_terminal_node function in lib/assoc_array.c
in the Linux kernel before 4.13.11 mishandles node splitting, which
allows local users to cause a denial of service (NULL pointer
dereference and panic) via a crafted application, as demonstrated by
the keyring key type, and key addition and link creation operations.
CVE-2017-15649
net/packet/af_packet.c in the Linux kernel before 4.13.6 allows local
users to gain privileges via crafted system calls that trigger
mishandling of packet_fanout data structures, because of a race
condition (involving fanout_add and packet_do_bind) that leads to a
use-after-free, a different vulnerability than CVE-2017-6346.
CVE-2017-5715
Systems with microprocessors utilizing speculative execution and
indirect branch prediction may allow unauthorized disclosure of
information to an attacker with local user access via a side-channel
analysis.
CVE-2017-5753
Systems with microprocessors utilizing speculative execution and
branch prediction may allow unauthorized disclosure of information to
an attacker with local user access via a side-channel analysis.
CVE-2017-5754
Systems with microprocessors utilizing speculative execution and
indirect branch prediction may allow unauthorized disclosure of
information to an attacker with local user access via a side-channel
analysis of the data cache.
CVE-2017-7472
The KEYS subsystem in the Linux kernel before 4.10.13 allows local
users to cause a denial of service (memory consumption) via a series of
KEY_REQKEY_DEFL_THREAD_KEYRING keyctl_set_reqkey_keyring calls.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. kernel-3.10.0-693.17.1.el7.src.rpm
    MD5: af50420e0ef52f299650b759c5da2ce2
    SHA-256: b5391c497f19189b91e80f7d565ba583ae258e9df584602a3d38ddbb4190cfe8
    Size: 88.95 MB

Asianux Server 7 for x86_64
  1. kernel-3.10.0-693.17.1.el7.x86_64.rpm
    MD5: 17abfdaa8db4b0134075f2d2485fd43c
    SHA-256: 80836bd48e326291d386be895dd416e367dadb90a0a92716ed60af78d075f83e
    Size: 42.96 MB
  2. kernel-abi-whitelists-3.10.0-693.17.1.el7.noarch.rpm
    MD5: e7e3a43e690c094e010d2f13fdbe0f3e
    SHA-256: 29ddd63b8aef01435f3193583ef56aa5409ed889c1ac1d6900566e38009e5af8
    Size: 5.06 MB
  3. kernel-debug-3.10.0-693.17.1.el7.x86_64.rpm
    MD5: 1d1848077edebaec661deec0a6dfaa63
    SHA-256: fd075f3f08c9c28107e8c680a4372bcf8a38ab40262fc0c5f9e5b4c78a00d8af
    Size: 44.90 MB
  4. kernel-debug-devel-3.10.0-693.17.1.el7.x86_64.rpm
    MD5: 7c377f2a01708f36bc040141258fade5
    SHA-256: 533f33a1132f95519a11b74ad16f891178149c0ed1d36e38f7986f9c46e212df
    Size: 14.42 MB
  5. kernel-devel-3.10.0-693.17.1.el7.x86_64.rpm
    MD5: 6cc16aa758fa05aa1a55012ca50c23eb
    SHA-256: 3db121e4de4c286fed9196decec273c56d7351d3bea746a8a6b644b87a558ae6
    Size: 14.36 MB
  6. kernel-doc-3.10.0-693.17.1.el7.noarch.rpm
    MD5: 75b830a9b9da62eba08d4bde077261b5
    SHA-256: 8a18f056deb7c36a0c00b4eed2bfb29e2ffc28c86ef804661788f43d78bc227d
    Size: 16.24 MB
  7. kernel-headers-3.10.0-693.17.1.el7.x86_64.rpm
    MD5: 79b3817670df5cc37e42395bcf8d67d0
    SHA-256: 74174c9905d1956cf22578c6feffce2539d16b4ac872e8e10c22d00f1845c918
    Size: 5.99 MB
  8. kernel-tools-3.10.0-693.17.1.el7.x86_64.rpm
    MD5: 969c5b4f2532901d039be9e8c922f17b
    SHA-256: b4c9628b21a0a94903764bf83c7833da605c5aef2d475749ae4e3a5f1d842231
    Size: 5.14 MB
  9. kernel-tools-libs-3.10.0-693.17.1.el7.x86_64.rpm
    MD5: 7c4238c68f15f3351bdd9777124fc0f7
    SHA-256: c8e6df98f2d120d802576699767ac8f298d9cfa1daf95d76ea17679e0427d579
    Size: 5.06 MB
  10. perf-3.10.0-693.17.1.el7.x86_64.rpm
    MD5: 2c32c913c104ae95c6797f626f6c4a59
    SHA-256: be5c9826e504ce9255d284c857189d0b88adac9ed740e044668133747b2e9470
    Size: 6.46 MB
  11. python-perf-3.10.0-693.17.1.el7.x86_64.rpm
    MD5: aacdbe325b282cad91d7f60e8ce28e80
    SHA-256: 5e5ef313d3e13c3798a2295df0a3c082a251690bf7d31097449ec0ddcb4ae1bb
    Size: 5.15 MB