Bug 1076537 (CVE-2017-13220)

Summary: VUL-0: CVE-2017-13220: kernel-source: An elevation of privilege vulnerability in the Upstream kernel bluez. Product:Android. Versions: Android kernel. Android ID: A-63527053.
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: smash_bz, tiwai
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/198239/
Whiteboard: CVSSv3:SUSE:CVE-2017-13220:5.3:(AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2018-01-18 10:19:52 UTC 
CVE-2017-13220

An elevation of privilege vulnerability in the Upstream kernel bluez. Product:
Android. Versions: Android kernel. Android ID: A-63527053.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-13220
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13220
Comment 1 Marcus Meissner 2018-01-18 10:20:19 UTC 
https://source.android.com/security/bulletin/pixel/2018-01-01

so far not public. need to revisit when it becomes public.
Comment 2 Marcus Meissner 2018-04-10 09:25:47 UTC 
There was a flaw CVE-2017-13220 / Android A-63527053 reported in Android
security bulletin with not much of public details:

https://source.android.com/security/bulletin/pixel/2018-01-01#kernel-components

Per discussion with Android security developer this flaw is related to
an upstream commit 51bda2bca53b ("Bluetooth: hidp_connection_add() unsafe
use of l2cap_pi()").

Red Hat is handling this flaw in:

https://bugzilla.redhat.com/show_bug.cgi?id=1536155

I believe the other distributions may want to update the related bug pages
with the info above:

https://bugzilla.suse.com/show_bug.cgi?id=1076537
https://security-tracker.debian.org/tracker/CVE-2017-13220
https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13220.html

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
Comment 3 Marcus Meissner 2018-04-10 09:46:13 UTC 
I think 51bda2bca53b is the fix, which is in 3.19+
Comment 4 Takashi Iwai 2018-04-10 09:54:57 UTC 
OK, then it's only for cve/linux-3.12 and older branches.
The fix itself is very trivial, so I'll try to backport.
Comment 5 Takashi Iwai 2018-04-10 10:08:12 UTC 
Pushed to cve/linux-3.12.

cve/linux-3.0 and earlier has no relevant code, so it's unlikely vulnerable (if the patch is the only source).

Back to security team.
Comment 6 Swamp Workflow Management 2018-05-11 19:08:09 UTC 
SUSE-SU-2018:1220-1: An update that solves 11 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1076537,1082299,1083125,1083242,1083275,1084536,1085279,1085331,1086162,1086194,1087088,1087260,1088147,1088260,1088261,1089608,1089752,1090643
CVE References: CVE-2017-0861,CVE-2017-11089,CVE-2017-13220,CVE-2017-18203,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7757,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE OpenStack Cloud 6 (src):    kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.88.1
Comment 7 Swamp Workflow Management 2018-05-11 19:11:13 UTC 
SUSE-SU-2018:1221-1: An update that solves 11 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1076537,1082299,1083125,1083242,1084536,1085331,1086162,1087088,1087209,1087260,1088147,1088260,1088261,1089608,1089752,1090643
CVE References: CVE-2017-0861,CVE-2017-11089,CVE-2017-13220,CVE-2017-18203,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7757,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.128.1, kernel-source-3.12.61-52.128.1, kernel-syms-3.12.61-52.128.1, kernel-xen-3.12.61-52.128.1, kgraft-patch-SLE12_Update_34-1-1.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.128.1
Comment 8 Marcus Meissner 2018-08-29 08:55:14 UTC 
released