[gpfsug-discuss] kernel 3.10.0-1160.36.2.el7.x86_64 (CVE-2021-33909) not compatible with DB2 (for TSM, HPSS, possibly other IBM apps)

Jaime Pinto pinto at scinet.utoronto.ca
Fri Jul 30 15:11:45 BST 2021 

Hey Jonathan

3.10.0-1160.31.1 seems to be one of the last kernel releases prior to the CVE-2021-33909 exploit.
3.10.0-1160.36.2.el7.x86_64 seems to be the first on the Redhat repo that fixes the exploit, but it's not working for our combination of TSM/DB2 versions:
* TSM 8.1.8
* DB2 v11.1.4.4

I'll just keep one eye on the repo for the next kernel available and try it again. Until then I'll stick with 3.10.0-1062.18.1

On the HPSS side 3.10.0-1160.36.2.el7.x86_64 worked fine with DB2 11.5, but not with 10.5

Thanks
Jaime


On 7/30/2021 07:27:49, Jonathan Buzzard wrote:
> On 30/07/2021 05:16, Jaime Pinto wrote:
>>
>> Alert related to sysadmins managing TSM/DB2 servers and those responsible for applying security patches, in particular kernel 3.10.0-1160.36.2.el7.x86_64, despite security concerns raised by CVE-2021-33909:
>>
>> Please hold off on upgrading your RedHat systems (possibly centos too). I just found out the hard way that kernel 3.10.0-1160.36.2.el7.x86_64 is not compatible with DB2, and after the node reboot DB2 would not work anymore, not only on TSM, but neither on HPSS. I had to revert the kernel to 3.10.0-1062.18.1.el7.x86_64 to get DB2 working properly again.
>>
> 
> For the record I have been running Spectrum Protect Extended Edition 8.1.12 on 3.10.0-1160.31.1 (genuine RHEL 7.9) since the 11th of June this year.
> 
> I would say therefore there is no need to roll back quite so far as 3.10.0-1062.18.1 which is quite ancient now.
> 
> Can't test anything newer as I am literally in the middle of migrating our TSM server to new hardware and a RHEL 8.4 install. Spent yesterday in the data centre re-cabling the disk arrays to the new server; neat, tidy and labelled this time :-)
> 
> 
> JAB.
> 

---
Jaime Pinto - Storage Analyst
SciNet HPC Consortium - Compute/Calcul Canada
www.scinet.utoronto.ca - www.computecanada.ca
University of Toronto
661 University Ave. (MaRS), Suite 1140
Toronto, ON, M5G1M1
P: 416-978-2755
C: 416-505-1477

More information about the gpfsug-discuss mailing list