A flaw was found in the Linux kernel handles IRET faults during NMIs processing. An unprivileged local user could use this flaw to crash the system or, potentially (though we believe it's unlikely), escalate their privileges on the system. Upstream patch: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9b6e6a8334d56354853f9c255d1395c2ba570e0a References: http://www.openwall.com/lists/oss-security/2015/07/22/7 Acknowledgements: Red Hat would like to thank Andy Lutomirski for reporting this issue.
Statement: This issue does affect the Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. Future updates in the respective releases may address this flaw. Red Hat Enterprise Linux 5 is now in Production 3 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: https://access.redhat.com/support/policy/updates/errata/.
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:0212 https://rhn.redhat.com/errata/RHSA-2016-0212.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2016:0185 https://rhn.redhat.com/errata/RHSA-2016-0185.html
This issue has been addressed in the following products: MRG for RHEL-6 v.2 Via RHSA-2016:0224 https://rhn.redhat.com/errata/RHSA-2016-0224.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2016:0715 https://rhn.redhat.com/errata/RHSA-2016-0715.html