Security Advisory Important: kernel-rt security and bug fix update

Advisory: RHSA-2010:0758-1
Type: Security Advisory
Severity: Important
Issued on: 2010-10-07
Last updated on: 2010-10-07
Affected Products: Red Hat Enterprise MRG v1 for Red Hat Enterprise Linux (version 5)
CVEs: CVE-2010-3067


Updated kernel-rt packages that fix two security issues and three bugs are
now available for Red Hat Enterprise MRG 1.2.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

The kernel-rt packages contain the Linux kernel, the core of any Linux
operating system.

This update fixes the following security issues:

* The compat_alloc_user_space() function in the Linux kernel 32/64-bit
compatibility layer implementation was missing sanity checks. This function
could be abused in other areas of the Linux kernel if its length argument
can be controlled from user-space. On 64-bit systems, a local, unprivileged
user could use this flaw to escalate their privileges. (CVE-2010-3081,

* A missing upper bound integer check was found in the sys_io_submit()
function in the Linux kernel asynchronous I/O implementation. A local,
unprivileged user could use this flaw to cause an information leak.
(CVE-2010-3067, Low)
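
As an added illustration (not Red Hat's or the kernel's code), the following user-space C model shows why a missing upper bound on a caller-supplied count matters, and where the bound belongs. It assumes the count is multiplied by an element size to get a byte length that is then range-checked; all function names, the element size and the range check are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical user-space model of the bug class; not kernel source. */
#define ELEM_SIZE sizeof(void *)   /* one caller-supplied pointer per request */

/* Does [base, base + len) fit below 'limit'? Stand-in for a range check. */
static bool range_ok(size_t base, size_t len, size_t limit)
{
    return len <= limit && base <= limit - len;
}

/* Smallest count whose byte length wraps to 0 in size_t (constructed input). */
static long wrapping_count(void)
{
    return (long)(SIZE_MAX / ELEM_SIZE + 1);
}

/* Before: the length is computed with no upper bound on nr, so the range
 * check can be handed a wrapped (tiny) length for a huge element count. */
static bool accept_unchecked(size_t base, long nr, size_t limit)
{
    if (nr < 0)
        return false;
    return range_ok(base, (size_t)nr * ELEM_SIZE, limit);
}

/* After: bound nr first so nr * ELEM_SIZE cannot overflow, then validate. */
static bool accept_checked(size_t base, long nr, size_t limit)
{
    if (nr < 0 || (unsigned long)nr > LONG_MAX / ELEM_SIZE)
        return false;
    return range_ok(base, (size_t)nr * ELEM_SIZE, limit);
}

int main(void)
{
    long nr = wrapping_count();
    printf("nr=%ld unchecked=%d checked=%d\n", nr,
           accept_unchecked(0x1000, nr, 0x10000),
           accept_checked(0x1000, nr, 0x10000));
    return 0;
}
```

The unchecked path accepts the oversized count because the validated length has wrapped to zero, while the checked path rejects it before any multiplication happens.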

Red Hat would like to thank Ben Hawkes for reporting CVE-2010-3081, and
Tavis Ormandy for reporting CVE-2010-3067.

This update also fixes the following bugs:

* The RHSA-2010:0631 kernel-rt update resolved an issue (CVE-2010-2240)
where, when an application has a stack overflow, the stack could silently
overwrite another memory mapped area instead of a segmentation fault
occurring. This update implements the official upstream fixes for that
issue. Note: This is not a security regression. The original fix was
complete. (BZ#624604)

* In certain circumstances, under heavy load, certain network interface
cards using the bnx2 driver, and configured to use MSI-X, could stop
processing interrupts and then network connectivity would cease.

* This update upgrades the tg3 driver to version 3.110. (BZ#640334)

Users are advised to upgrade to these updated packages, which contain
backported patches to correct these issues. The system must be rebooted for
this update to take effect.


Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

To install kernel packages manually, use "rpm -ivh [package]". Do not
use "rpm -Uvh" as that will remove the running kernel binaries from
your system. You may use "rpm -e" to remove old kernels after
determining that the new kernel functions properly on your system.

Updated packages

Red Hat Enterprise MRG v1 for Red Hat Enterprise Linux (version 5)

File outdated by:  RHBA-2013:0927
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

624604 - Backport official CVE-2010-2240 fixes
629441 - CVE-2010-3067 kernel: do_io_submit() infoleak
634457 - CVE-2010-3081 kernel: 64-bit Compatibility Mode Stack Pointer Underflow
640334 - update MRG 1.2 tg3 driver to latest upstream driver


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:

The Red Hat security contact is More contact details at