Bugzilla – Full Text Bug Listing

Summary: | VUL-0: CVE-2015-8961: kernel: Use after free in __ext4_journal_stop function allowing privilege escalation | | |
---|---|---|---|
Product: | [Novell Products] SUSE Security Incidents | Reporter: | Johannes Segitz <jsegitz> |
Component: | Incidents | Assignee: | Security Team bot <security-team> |
Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
Severity: | Normal | | |
Priority: | P3 - Medium | CC: | bpetkov, jack, mbenes, meissner, smash_bz, tiwai |
Version: | unspecified | | |
Target Milestone: | --- | | |
Hardware: | Other | | |
OS: | Other | | |
URL: | https://smash.suse.de/issue/176391/ | | |
Whiteboard: | CVSSv2:NVD:CVE-2015-8961:9.3:(AV:N/AC:M/Au:N/C:C/I:C/A:C) | | |
Found By: | Security Response Team | Services Priority: | |
Business Priority: | | Blocker: | --- |
Marketing QA Status: | --- | IT Deployment: | --- |
Description
Johannes Segitz
2016-11-16 14:26:33 UTC
bugbot adjusting priority

So the problematic commit that introduced the bug was 9d506594069355d1fb2de3f9104667312ff08ed3 (not the one mentioned in the Fixes tag) which got merged in 4.1-rc4. The fix got into 4.4-rc5. I've checked and SLE12-LTSS and SLE12-SP1 branches got both involved patches from the 3.12-stable kernel. openSUSE 42.1 and thus SLE12-SP1 ARM branches got the fix from 4.1 stable as well. SLE12-SP2 is already based on 4.4, openSUSE 13.2 and SLE11-SP4 kernels didn't get the original buggy commit. So we are fine. Reassigning back to security-team as there's nothing more to do.

thanks!