CVE-2017-18344 Red Hat Update for kernel (RHSA-2018:3591)

The kernel packages contain the Linux kernel, the core of any Linux operating system.

Security Fixes: kernel: out-of-bounds access in the show_timer function in kernel/time/posix-timers.c (CVE-2017-18344)
kernel: Integer overflow in Linux's create_elf_tables function (CVE-2018-14634)For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s)
listed in the References section.Red Hat would like to thank Qualys Research Labs for reporting CVE-2018-14634.Bug Fix(es): On systems running Red Hat Enterprise Linux 7.3 with Red Hat OpenShift Container Platform 3.5, a node sometimes got into "NodeNotReady" state after a CPU softlockup. Consequently, the node was not available. This update fixes some scheduling latency sources in memory compaction and in the inodes memory reclaim. As a result, nodes no longer get into "NodeNotReady" state under the described circumstances. (BZ#1625866)
Previously, a kernel panic occurred when the kernel tried to make an out of bound access to the array that describes the L1 Terminal Fault (L1TF)
mitigation state on systems without Extended Page Tables (EPT)
support. This update extends the array of mitigation states to cover all the states, which effectively prevents out of bound array access. Also, this update enables rejecting invalid, irrelevant values, that might be erroneously provided by the userspace. As a result, the kernel no longer panics in the described scenario. (BZ#1629566)
Previously, a packet was missing the User Datagram Protocol (UDP)
payload checksum during a full checksum computation, if the hardware checksum was not applied. As a consequence, a packet with an incorrect checksum was dropped by a peer. With this update, the kernel includes the UDP payload checksum during the full checksum computation. As a result, the checksum is computed correctly and the packet can be received by the peer. (BZ#1635794)

Affected Products:

Red Hat Enterprise Linux Server - Extended Update Support 7.3 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.3 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.3 ppc64
Red Hat Enterprise Linux EUS Compute Node 7.3 x86_64
Red Hat Enterprise Linux Server - AUS 7.3 x86_64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.3 ppc64le
Red Hat Enterprise Linux Server - TUS 7.3 x86_64
Red Hat Enterprise Linux Server (for IBM Power LE) - Update Services for SAP Solutions 7.3 ppc64le
Red Hat Enterprise Linux Server - Update Services for SAP Solutions 7.3 x86_64

On successful exploitation it could allow an attacker to execute code.

Upgrade to the latest packages which contain a patch. Refer to Applying Package Updates to RHEL system for details.

Refer to Red Hat security advisory RHSA-2018:3591 to address this issue and obtain more information.

Patch:
Following are links for downloading patches to fix the vulnerabilities:

RHSA-2018:3591: Red Hat Enterprise Linux