Users are urged to update to kernel-3.10.0-514.10.2.el7

Mar 6, 2017 22:02 GMT

An important Linux kernel security patch has been released today, March 6, 2017, for users of the CentOS 7 operating system series, addressing a total of four vulnerabilities discovered recently.

The CentOS 7 series is based on the freely distributed sources of the Red Hat Enterprise Linux 7 operating system, which means that it always inherits its newest kernel security updates. This one happens to be an important one, and users are urged to update their systems immediately to kernel-3.10.0-514.10.2.el7.

According to the upstream RHSA-2017:0386-1 security advisory, the kernel patch resolves a vulnerability (CVE-2016-8630) found in the Linux kernel's KVM (Kernel-based Virtual Machine) implementation, which could occur on 32-bit (x86) platforms when an undefined instruction was emulated, allowing an attacker to crash the host kernel.

The second security flaw (CVE-2016-8655) is a race condition discovered in the Linux kernel's networking subsystem, specifically in the raw packet sockets implementation, which could have allowed a local attacker to gain root access by opening a raw packet socket using the CAP_NET_RAW capability.

All CentOS 7 users are urged to update their systems immediately

The third security flaw (CVE-2016-9083) was discovered in the Linux kernel's VFIO implementation, and it could allow an attacker to corrupt memory by issuing an ioctl. Lastly, the fourth security issue (CVE-2016-9084) could be used in combination with the third one to allow attackers to crash the vulnerable system.

All users of the CentOS 7 operating system series are urged to update their installations as soon as possible to the new kernel version mentioned above. These issues also affect users of Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, Red Hat Enterprise Linux Server TUS 7.3, and Red Hat Enterprise Linux Workstation 7 OSes.
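To confirm that a host is actually running the fixed build, the following added example (not part of the original article or the advisory) compares the running and most recently installed kernel against kernel-3.10.0-514.10.2.el7. An installed update only takes effect after a reboot, so the script reports that case separately; the function names are hypothetical, and it assumes the el7 release format `version-release.el7.arch`.

```shell
#!/bin/sh
# Added example: compare a CentOS/RHEL 7 kernel release against the fixed
# build named in the article. All function names are hypothetical.
FIXED="3.10.0-514.10.2.el7"

# "3.10.0-514.10.2.el7.x86_64" -> "3 10 0 514 10 2" (drop dist tag and arch).
numeric_fields() {
    printf '%s\n' "${1%%.el7*}" | sed 's/[.-]/ /g'
}

# Succeeds when release $1 is at or above release $2, comparing field by
# field as integers; a missing field counts as 0, so 514.el7 < 514.10.2.el7.
release_ge() {
    awk -v a="$(numeric_fields "$1")" -v b="$(numeric_fields "$2")" 'BEGIN {
        n = split(a, x, " "); m = split(b, y, " ")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# kernel_status RUNNING INSTALLED
# Prints one of: patched | reboot-needed | vulnerable | not-el7
kernel_status() {
    case "$1" in *.el7*) ;; *) echo "not-el7"; return 0 ;; esac
    if release_ge "$1" "$FIXED"; then echo "patched"
    elif release_ge "$2" "$FIXED"; then echo "reboot-needed"
    else echo "vulnerable"
    fi
}

# Most recently installed kernel package; falls back to the running kernel
# when rpm is not available on this host.
latest_installed() {
    command -v rpm >/dev/null 2>&1 || { uname -r; return 0; }
    rpm -q --last kernel 2>/dev/null | head -n 1 | awk '{print $1}' | sed 's/^kernel-//'
}

kernel_status "$(uname -r)" "$(latest_installed)"
```

A result of `reboot-needed` means the fixed package is on disk but the host is still running an older kernel.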