Synopsis: Important: kernel security and bug fix update
Advisory ID: SLSA-2016:1033-1
Issue Date: 2016-05-12
CVE Numbers: CVE-2016-0758
* A flaw was found in the way the Linux kernel’s ASN.1 DER decoder
processed certain certificate files with tags of indefinite length. A
local, unprivileged user could use a specially crafted X.509 certificate
DER file to crash the system or, potentially, escalate their privileges on
the system. (CVE-2016-0758, Important)
* Under certain conditions, the migration threads could race with the CPU
hotplug, which could cause a deadlock. A set of patches has been provided
to fix this bug, and the deadlock no longer occurs in the system.
* A bug in the code that cleans up revoked delegations could previously
cause a soft lockup in the NFS server. This patch fixes the underlying
source code, so the lockup no longer occurs.
* The second attempt to reload Common Application Programming Interface
(CAPI) devices on the little-endian variant of IBM Power Systems
previously failed. The provided set of patches fixes this bug, and
reloading works as intended.
* Due to inconsistencies in the page sizes of the IOMMU, the NVMe device,
and the kernel, the BUG_ON signal previously occurred in the
nvme_setup_prps() function, leading to a system crash while setting up the
DMA transfer. The provided patch sets the default NVMe page size to 4k,
thus preventing the system crash.
* Previously, on a system using the Infiniband mlx5 driver for the SRP
stack, a hard lockup occurred after the kernel exceeded time with a lock
held and interrupts blocked. As a consequence, the system
panicked. This update fixes this bug, and the system no longer panics in
* On the little-endian variant of IBM Power Systems, the kernel previously
crashed in the bitmap_weight() function while running the memory affinity
script. The provided patch fortifies the topology setup and prevents
sd->child from being set to NULL when it is already NULL. As a result, the
memory affinity script runs successfully.
* When a KVM guest wrote random values to the special-purpose registers
(SPR) Instruction Authority Mask Register (IAMR), the guest and the
corresponding QEMU process previously hung. This update adds the code
which sets SPRs to a suitable neutral value on guest exit, thus fixing
* Under heavy iSCSI traffic load, the system previously panicked due to a
race in the locking code leading to a list corruption. This update fixes
this bug, and the system no longer panics in this situation.
* During SCSI exception handling (triggered by some irregularities), the
driver could previously use an already retired SCSI command. As a
consequence, a kernel panic or data corruption occurred. The provided
patches fix this bug, and exception handling now proceeds successfully.
* When the previously opened /dev/tty, which pointed to a pseudo terminal
(pty) pair, was the last file closed, a kernel crash could previously
occur. The underlying source code has been fixed, preventing this bug.
* Previously, when using VPLEX and FCoE via the bnx2fc driver, different
degrees of data corruption occurred. The provided patch fixes the FCP
Response (RSP) residual parsing in bnx2fc, which prevents the
– Scientific Linux Development Team
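
Added example, not part of the original advisory or of the kernel's code: DER (ITU-T X.690) forbids the indefinite-length form, so a strict walker can flag certificate files that carry the kind of encoding named in the CVE-2016-0758 item before they are handed to a kernel that has not been updated. The function names and the sample byte strings are constructed for illustration.

```python
class DerError(ValueError):
    """Raised when the input is not strict DER."""

def walk_der(buf, off=0, end=None, depth=0):
    """Walk the TLVs in buf[off:end] and return how many elements sit at this level."""
    end = len(buf) if end is None else end
    if depth > 32:
        raise DerError("nesting too deep")
    count = 0
    while off < end:
        tag = buf[off]
        off += 1
        if (tag & 0x1F) == 0x1F:                 # high-tag-number form
            while True:
                if off >= end:
                    raise DerError("truncated tag")
                off += 1
                if not (buf[off - 1] & 0x80):    # last continuation octet
                    break
        if off >= end:
            raise DerError("truncated length")
        first = buf[off]
        off += 1
        if first == 0x80:                        # BER indefinite form, illegal in DER
            raise DerError(f"indefinite length at offset {off - 1}")
        length = first
        if first > 0x80:                         # long form: next n octets hold the length
            n = first & 0x7F
            if n > 4 or off + n > end:
                raise DerError("bad long-form length")
            length = int.from_bytes(buf[off:off + n], "big")
            if length < 0x80 or buf[off] == 0:   # DER requires the shortest encoding
                raise DerError("non-minimal length")
            off += n
        if length > end - off:
            raise DerError("length exceeds enclosing element")
        if tag & 0x20:                           # constructed: check the children too
            walk_der(buf, off, off + length, depth + 1)
        off += length
        count += 1
    return count

def check_der(buf):
    """Return (ok, reason) for the raw bytes of a DER file."""
    try:
        if walk_der(buf) != 1:
            return False, "expected exactly one top-level element"
        return True, "strict DER"
    except DerError as exc:
        return False, str(exc)

# Constructed samples: a definite-length SEQUENCE and one using the indefinite form.
GOOD = bytes.fromhex("3006020101020102")
INDEFINITE = bytes.fromhex("30800201010000")
```

Run check_der() over the bytes of each .der file queued for import; PEM files need their base64 body decoded first.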