security update in Fedora 25 for kernel

Status: stable 2 years ago

The 4.10.8 stable update contains a number of important fixes across the tree

Reboot Required

After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

How to install

sudo dnf upgrade --advisory=FEDORA-2017-93dec9eba5

Comments 23

This update has been submitted for testing by jforbes.

wfm - desktop 16GB Intel i7-3770 CPU using the Mate Desktop

karma: +1 critpath: +1 kernel regression: +1

Works for me, x86_64 work station. Plasma DE, Nvidia card/nouveau

karma: +1 critpath: +1 kernel regression: +1

works for me - but what is going on at kernel.org - release often is fine BUT every second day?

karma: +1

This update has been pushed to testing.

Boots here on x86_64 (Atom server, T450s, VM).

karma: +1 critpath: +1

@hreindl keeping ahead of CVE's is good !

karma: +1 critpath: +1 #1437469: +1 #1435153: +1

boots fine on my 64bit pc

karma: +1 critpath: +1

@funfunctor: i doubt that each and evey kernel update in the past was about CVE's and even if - if it goes in a direction that you have to reboot your servers 2 or 3 times a week it's unacceptable and developemnt upstream should realize that they are no longer able to keep reasoanable quality with the current developemtn speed of new kernel versions (and no i don't talk about that bugfix releases but about way too less time between release 4.9.0 and 4.10RC)

  • Works for me on Thinkpad X220.
  • Passed kernel regression tests.
karma: +1 critpath: +1 kernel regression: +1

LGTM, pass default and performance test

karma: +1

works for me

karma: +1

No regressions noted on x86_64 Ivy Bridge and i686 Diamondville.

karma: +1 critpath: +1

LGTM, Thinkpad X250

karma: +1 critpath: +1

@hreindl this is probably the wrong forum for this discussion; however fedora tried to keep on top of CVE's - almost every single kernel releases addresses at least half a dozen CVE's. Regarding your reboot issue, you should consider looking into live patching, i.e., kpatch.

This update has been submitted for stable by jforbes.

This update has been pushed to stable.


Same issue as anonymous posters on previous kernel page.

This issue happens with all 4.10.x kernels released so far.

I have a nvidia GK107 card using the nouveau driver. When kde screenlocker starts, the logs are filling up with the following entry (several hundreds per second) :

nouveau 0000:01:00.0: fifo: PBDMA0: 04000000 [ACQUIRE] ch 2 [007f9e3000 Xorg[1414]] subc 0 mthd 0000 data 00000000

My PC is then not responding anymore (caps lock light wont change). Power off using the PC power button is the only option.

I also noticed that when the freeze problem above is not happening, the screenlocker still does not behave properly, since I have to kill it from the console so that I can enter my password to unlock, otherwise the field is not selectable.


Sorry for the blank comment above; just figuring out how to add comment properly.

Exact same problem as anonymous above: Fedora 25 stock 4.10.8 kernel and all earlier 4.10.x kernels. Total display lockup on KDE plasma when screen saver kicks in; intermittent: happens about every 3 - 5 times, otherwise normal screensaver. Can ssh in, but normal shutdown stalls after "shutdown now" command; only forced power cycle recovers. Have not found nouveau errors in logs but I may not know where to look. Have checked /var/log/messages and dmesg. Happy to test patched kernels.

Thanks for your ongoing great work!

@ebarkan: use "journalctl -k -b 0" to see the current kernel log. Also, if you're dealing with suspend issues or what-not, a good starting reference is: Best practice to debug Linux suspend/hibernate issues.

@dhgutteridge: Thanks for the quick response. After running all night my system finally hung again. I ran "journalctl -k -b 0" via ssh as you suggested, but no new entries whatsoever appeared since yesterday evening. I have emailed a file dump from that command to you, in case there's any thing unusual in it. I have also attached a /var/log/Xorg.0 to the email to give you details of my Nvidia video hardware.

I am not using any suspend/hibernate functionality at all. This is a desktop computer and I am only using simple "Screen Energy Saving" under KDE system settings. I do not invoke "Suspend Session" at all (left unchecked).

@ebarkan: This is better addressed on the Fedora Forum at this point, as Bodhi isn't really a good medium for discussing issues after the package in question has been pushed to stable. (Especially since we're spamming the other commenters here.) Anyway, it's possible nothing was logged because by default most priority levels of messages only get synced to disk every five minutes (see SyncIntervalSec in journald.conf[5]).

Content Type
Test Gating
Submitted by
Update Type
Update Severity
stable threshold: 3
unstable threshold: -3
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 6

00 #1435153 CVE-2017-7184 kernel: Out-of-bounds heap access in xfrm
00 #1435719 CVE-2017-7261 kernel: drm/vmwgfx: check that number of mip levels is above zero
00 #1435740 CVE-2017-7261 kernel: drm/vmwgfx: check that number of mip levels is above zero [fedora-all]
00 #1436629 CVE-2017-7277 kernel: Mishandling SCM_TIMESTAMPING_OPT_STATS feature causes out-of-bounds read
00 #1436661 CVE-2017-7277 kernel: Mishandling SCM_TIMESTAMPING_OPT_STATS feature causes out-of-bounds read [fedora-all]
00 #1437469 CVE-2017-7184 kernel: Out-of-bounds heap access in xfrm [fedora-all]

Automated Test Results

Test Cases

0+3 Test Case kernel regression