CVE-2015-8970 Red Hat Update for kernel (RHSA-2017:2437)

The kernel packages contain the Linux kernel, the core of any Linux operating system.

A use-after-free flaw was found in the Linux kernel which enables a race condition in the L2TPv3 IP Encapsulation feature. A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important)
A flaw was found that can be triggered in keyring_search_iterator in keyring.c if type->match is NULL. A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important)
It was found that the NFSv4 server in the Linux kernel did not properly validate layout type when processing NFSv4 pNFS LAYOUTGET and GETDEVICEINFO operands. A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)
The lrw_crypt() function in 'crypto/lrw.c' in the Linux kernel before 4.5 allows local users to cause a system crash and a denial of service by the NULL pointer dereference via accept(2) system call for AF_ALG socket without calling setkey() first to set a cipher key. (CVE-2015-8970, Moderate)

Affected Products
Red Hat Enterprise Linux Server - Extended Update Support 7.3 x86_64
Red Hat Enterprise Linux Server - AUS 7.3 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.3 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.3 ppc64
Red Hat Enterprise Linux EUS Compute Node 7.3 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.3 ppc64le
Red Hat Enterprise Linux Server - TUS 7.3 x86_64

A local user could use this flaw to escalate their privileges or crash the system. (CVE-2016-10200, Important)
A local user could use this flaw to crash the system or, potentially, escalate their privileges. (CVE-2017-2647, Important)
A remote attacker could use this flaw to soft-lockup the system and thus cause denial of service. (CVE-2017-8797, Important)
On successful exploitation it allows local users to cause a system crash and a denial of service by the NULL pointer dereference via accept(2) system call for AF_ALG socket without calling setkey() first to set a cipher key. (CVE-2015-8970, Moderate)

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2017:2437 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2017:2437: Red Hat Enterprise Linux