The kernel packages contain the Linux kernel, the core of any Linux
operating system.
A flaw was found in the way the Linux kernel’s VFS subsystem handled file
system locks. A local, unprivileged user could use this flaw to trigger a
deadlock in the kernel, causing a denial of service on the system.
(CVE-2014-8559, Moderate)
A buffer overflow flaw was found in the way the Linux kernel’s virtio-net
subsystem handled certain fraglists when the GRO (Generic Receive Offload)
functionality was enabled in a bridged network configuration. An attacker
on the local network could potentially use this flaw to crash the system,
or, although unlikely, elevate their privileges on the system.
(CVE-2015-5156, Moderate)
The CVE-2015-5156 issue was discovered by Jason Wang of Red Hat.
The kernel-rt packages have been upgraded to version 3.10.0-229.20.1, which
provides a number of bug fixes and enhancements over the previous version,
including:
Unexpected completion is detected on Intel Ethernet x540
Divide by zero error in intel_pstate_timer_func() [ inline s64
div_s64_rem() ]
NFS Recover from stateid-type error on SETATTR
pNFS RHEL 7.1 Data Server connection remains after umount due to lseg
refcount leak
Race during NFS v4.0 recovery and standard IO.
Fix ip6t_SYNPROXY for namespaces and connection delay
synproxy window size and sequence number behaviour causes long connection
delay
Crash in kmem_cache_alloc() during disk stress testing (using ipr)
xfs: sync/backport to upstream v4.1
iscsi_session recovery_tmo revert back to default when a path becomes
active
read from MD raid1 can fail if read from resync target fails
backport scsi-mq
unable to handle kernel paging request at 0000000000237037 [zswap]
(BZ#1266915)
All kernel-rt users are advised to upgrade to these updated packages, which
correct these issues and add this enhancement. The system must be rebooted
for this update to take effect.