Bug 1037306 (CVE-2015-9004)

Summary: VUL-0: CVE-2015-9004: kernel-source: kernel/events/core.c in < 3.19 mishandles counter grouping (perf_pmu_register and perf_event_open)
Product: [Novell Products] SUSE Security Incidents Reporter: Mikhail Kasimov <mikhail.kasimov>
Component: IncidentsAssignee: Tony Jones <tonyj>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: jcejka, meissner, tiwai
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: CVSSv2:SUSE:CVE-2015-9004:6.2:(AV:L/AC:H/Au:N/C:C/I:C/A:C) CVSSv2:NVD:CVE-2015-9004:9.3:(AV:N/AC:M/Au:N/C:C/I:C/A:C) CVSSv3:RedHat:CVE-2015-9004:7.8:(AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1040251    

Description Mikhail Kasimov 2017-05-02 23:41:16 UTC 
Ref: https://nvd.nist.gov/vuln/detail/CVE-2015-9004
===================================================
Description

kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.

Source:  MITRE      Last Modified:  05/02/2017
===================================================

Hyperlink

[1] http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c3c87e770458aa004bd7ed3f29945ff436fd6511

[2] https://github.com/torvalds/linux/commit/c3c87e770458aa004bd7ed3f29945ff436fd6511

[3] https://source.android.com/security/bulletin/2017-05-01

Please, check, if it is applicable for SUSE-supported kernel-branches.
Comment 1 Takashi Iwai 2017-05-03 14:52:54 UTC 
The upstream fix is in 3.19 -> SLE12-SP2/SP3, openSUSE are OK.
The fix is included in 3.12.68 stable kernel -> SLE12-SP0/SP1 are OK.

I leave the rest checks to Tony :)
Comment 2 Josef Cejka 2017-05-23 10:30:28 UTC 
Customer in bug #1040251 asks if the bug affects SLES11SP4.
Comment 3 Josef Cejka 2017-05-23 16:15:49 UTC 
(In reply to Josef Cejka from comment #2)
> Customer in bug #1040251 asks if the bug affects SLES11SP4.

and SLES11SP3 too.
Comment 4 Tony Jones 2017-06-12 18:20:59 UTC 
Neither SLE11-SP3-LTSS or SLE11-SP4 are affected as neither contains 9fc81d87420d

Closing.
Comment 5 Marcus Meissner 2017-06-19 09:33:49 UTC 
the sle12 ga ltss kernel did not receive the minor stable updates so far.

so it is still affected.
Comment 6 Tony Jones 2017-06-23 23:36:02 UTC 
(In reply to Marcus Meissner from comment #5)
> the sle12 ga ltss kernel did not receive the minor stable updates so far.
> 
> so it is still affected.

pushed to git:users/tonyj/SLE12-LTSS/for-next
Comment 7 Swamp Workflow Management 2017-11-02 17:15:08 UTC 
SUSE-SU-2017:2920-1: An update that solves 36 vulnerabilities and has 22 fixes is now available.

Category: security (important)
Bug References: 1008353,1012422,1017941,1029850,1030593,1032268,1034405,1034670,1035576,1035877,1036752,1037182,1037183,1037306,1037994,1038544,1038879,1038981,1038982,1039348,1039349,1039354,1039456,1039721,1039882,1039883,1039885,1040069,1041431,1041958,1044125,1045327,1045487,1045922,1046107,1047408,1048275,1049645,1049882,1052593,1053148,1053152,1056588,1056982,1057179,1058038,1058410,1058507,1058524,1062520,1063667,1064388,938162,975596,977417,984779,985562,990682
CVE References: CVE-2015-9004,CVE-2016-10229,CVE-2016-9604,CVE-2017-1000363,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-10661,CVE-2017-11176,CVE-2017-12153,CVE-2017-12154,CVE-2017-12762,CVE-2017-13080,CVE-2017-14051,CVE-2017-14106,CVE-2017-14140,CVE-2017-15265,CVE-2017-15274,CVE-2017-15649,CVE-2017-2647,CVE-2017-6951,CVE-2017-7482,CVE-2017-7487,CVE-2017-7518,CVE-2017-7541,CVE-2017-7542,CVE-2017-7889,CVE-2017-8106,CVE-2017-8831,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.101.1, kernel-source-3.12.61-52.101.1, kernel-syms-3.12.61-52.101.1, kernel-xen-3.12.61-52.101.1, kgraft-patch-SLE12_Update_28-1-8.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.101.1