Bug 1084829 (CVE-2018-8043)

Summary: VUL-1: CVE-2018-8043: kernel: NULL pointer dereference in drivers/net/phy/mdio-bcm-unimac.c:unimac_mdio_probe() can lead to denial of service
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Minor    
Priority: P4 - Low CC: bpetkov, bpoirier, mbrugger, smash_bz, tbogendoerfer, tiwai, yousaf.kaukab
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/201649/
Whiteboard: CVSSv3:RedHat:CVE-2018-8043:3.3:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L) CVSSv3:SUSE:CVE-2018-8043:0.0:(AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:N) CVSSv2:NVD:CVE-2018-8043:2.1:(AV:L/AC:L/Au:N/C:N/I:N/A:P) CVSSv3:NVD:CVE-2018-8043:5.5:(AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) CVSSv3:RedHat:CVE-2018-8043:4.1:(AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H)
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2018-03-12 07:25:49 UTC
via rh bugzilla

The unimac_mdio_probe function in drivers/net/phy/mdio-bcm-unimac.c in the Linux
kernel through 4.15.8 does not validate certain resource availability, which
allows local users to cause a denial of service (NULL pointer dereference).

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1554199
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-8043
http://www.cvedetails.com/cve/CVE-2018-8043/
https://github.com/torvalds/linux/commit/297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=297a6961ffb8ff4dc66c9fbf53b924bd1dda05d5
Comment 1 Marcus Meissner 2018-03-12 07:36:52 UTC
I do not see this attacker triggerable... out of resources seems hardware based only.
Comment 2 Marcus Meissner 2018-03-12 07:38:24 UTC
module is built, but unsupported.
Comment 4 Benjamin Poirier 2018-03-26 02:20:11 UTC
Introduced in
2ba1b163c9d5 net: phy: add generic UniMAC MDIO bus driver (v3.18-rc1)
Fixed in
297a6961ffb8 net: phy: mdio-bcm-unimac: fix potential NULL dereference in unimac_mdio_probe() (v4.16-rc1)

cve/linux-2.6.16 : 2.6.16.60
cve/linux-2.6.32 : 2.6.32.54
cve/linux-3.0 : 3.0.101
cve/linux-3.12 : 3.12.61
	above four, not applicable
SLE12-SP2 : 4.4.121
	pushed to f9b9d15b16
SLE12-SP3 : 4.4.121
	pushed to 02701aaccd
SLE15 : 4.12.14
	pushed to 4836f39790
master : 4.16.0-rc6
	not applicable
stable : 4.15.13
	pushed to 7b5f96bb68
Comment 5 Swamp Workflow Management 2018-04-17 16:12:26 UTC
openSUSE-SU-2018:0972-1: An update that solves three vulnerabilities and has 52 fixes is now available.

Category: security (important)
Bug References: 1012382,1019695,1019699,1022604,1031717,1046610,1060799,1064206,1068032,1073059,1073069,1075428,1076033,1077560,1081358,1083574,1083745,1083836,1084223,1084310,1084328,1084353,1084452,1084610,1084829,1084889,1084898,1084914,1084918,1084967,1085042,1085058,1085224,1085383,1085402,1085404,1085487,1085507,1085981,1086015,1086194,1086357,1086499,1086518,1086607,1087088,1087211,1087231,1087260,1087659,1087845,1087906,1087999,1088087,1088324
CVE References: CVE-2018-1091,CVE-2018-7740,CVE-2018-8043
Sources used:
openSUSE Leap 42.3 (src):    kernel-debug-4.4.126-48.2, kernel-default-4.4.126-48.2, kernel-docs-4.4.126-48.1, kernel-obs-build-4.4.126-48.2, kernel-obs-qa-4.4.126-48.1, kernel-source-4.4.126-48.1, kernel-syms-4.4.126-48.1, kernel-vanilla-4.4.126-48.2
Comment 6 Swamp Workflow Management 2018-04-23 19:12:34 UTC
SUSE-SU-2018:1048-1: An update that solves 5 vulnerabilities and has 62 fixes is now available.

Category: security (important)
Bug References: 1012382,1019695,1019699,1022604,1031717,1046610,1060799,1064206,1068032,1073059,1073069,1075428,1076033,1077560,1083574,1083745,1083836,1084223,1084310,1084328,1084353,1084452,1084610,1084699,1084829,1084889,1084898,1084914,1084918,1084967,1085042,1085058,1085224,1085383,1085402,1085404,1085487,1085507,1085511,1085679,1085981,1086015,1086162,1086194,1086357,1086499,1086518,1086607,1087088,1087211,1087231,1087260,1087274,1087659,1087845,1087906,1087999,1088050,1088087,1088241,1088267,1088313,1088324,1088600,1088684,1088871,802154
CVE References: CVE-2017-18257,CVE-2018-1091,CVE-2018-7740,CVE-2018-8043,CVE-2018-8822
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP3 (src):    kernel-default-4.4.126-94.22.1
SUSE Linux Enterprise Software Development Kit 12-SP3 (src):    kernel-docs-4.4.126-94.22.1, kernel-obs-build-4.4.126-94.22.1
SUSE Linux Enterprise Server 12-SP3 (src):    kernel-default-4.4.126-94.22.1, kernel-source-4.4.126-94.22.2, kernel-syms-4.4.126-94.22.1
SUSE Linux Enterprise Live Patching 12-SP3 (src):    kgraft-patch-SLE12-SP3_Update_11-1-4.5.1
SUSE Linux Enterprise High Availability 12-SP3 (src):    kernel-default-4.4.126-94.22.1
SUSE Linux Enterprise Desktop 12-SP3 (src):    kernel-default-4.4.126-94.22.1, kernel-source-4.4.126-94.22.2, kernel-syms-4.4.126-94.22.1
SUSE CaaS Platform ALL (src):    kernel-default-4.4.126-94.22.1
Comment 7 Swamp Workflow Management 2018-05-08 22:17:43 UTC
SUSE-SU-2018:1173-1: An update that solves 9 vulnerabilities and has 27 fixes is now available.

Category: security (important)
Bug References: 1012382,1031717,1046610,1057734,1070536,1075428,1076847,1077560,1082153,1082299,1083125,1083745,1083836,1084353,1084610,1084721,1084829,1085042,1085185,1085224,1085402,1085404,1086162,1086194,1087088,1087260,1087845,1088241,1088242,1088600,1088684,1089198,1089608,1089644,1089752,1090643
CVE References: CVE-2017-18257,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7740,CVE-2018-8043,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE OpenStack Cloud 7 (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
SUSE Linux Enterprise Server for SAP 12-SP2 (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
SUSE Linux Enterprise Server 12-SP2-LTSS (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
SUSE Enterprise Storage 4 (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1
OpenStack Cloud Magnum Orchestration 7 (src):    kernel-default-4.4.121-92.73.1
Comment 8 Marcus Meissner 2018-05-11 14:50:27 UTC
released
Comment 9 Swamp Workflow Management 2018-05-11 16:14:49 UTC
SUSE-SU-2018:1217-1: An update that solves 7 vulnerabilities and has 93 fixes is now available.

Category: security (important)
Bug References: 1005778,1005780,1005781,1012382,1015336,1015337,1015340,1015342,1015343,1019695,1019699,1022604,1022743,1024296,1031717,1046610,1060799,1064206,1068032,1073059,1073069,1075091,1075428,1075994,1076033,1077560,1083125,1083574,1083745,1083836,1084223,1084310,1084328,1084353,1084452,1084610,1084699,1084721,1084829,1084889,1084898,1084914,1084918,1084967,1085042,1085058,1085185,1085224,1085383,1085402,1085404,1085487,1085507,1085511,1085679,1085958,1085981,1086015,1086162,1086194,1086357,1086499,1086518,1086607,1087088,1087211,1087231,1087260,1087274,1087659,1087845,1087906,1087999,1088050,1088087,1088242,1088267,1088313,1088324,1088600,1088684,1088865,1088871,1089198,1089608,1089644,1089752,1089925,802154,810912,812592,813453,880131,966170,966172,966186,966191,969476,969477,981348
CVE References: CVE-2017-18257,CVE-2018-10087,CVE-2018-10124,CVE-2018-1091,CVE-2018-7740,CVE-2018-8043,CVE-2018-8822
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP3 (src):    kernel-rt-4.4.128-3.11.1, kernel-rt_debug-4.4.128-3.11.1, kernel-source-rt-4.4.128-3.11.1, kernel-syms-rt-4.4.128-3.11.1
Comment 14 Swamp Workflow Management 2018-10-18 17:40:29 UTC
SUSE-SU-2018:1173-2: An update that solves 9 vulnerabilities and has 27 fixes is now available.

Category: security (important)
Bug References: 1012382,1031717,1046610,1057734,1070536,1075428,1076847,1077560,1082153,1082299,1083125,1083745,1083836,1084353,1084610,1084721,1084829,1085042,1085185,1085224,1085402,1085404,1086162,1086194,1087088,1087260,1087845,1088241,1088242,1088600,1088684,1089198,1089608,1089644,1089752,1090643
CVE References: CVE-2017-18257,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7740,CVE-2018-8043,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE Linux Enterprise Server 12-SP2-BCL (src):    kernel-default-4.4.121-92.73.1, kernel-source-4.4.121-92.73.1, kernel-syms-4.4.121-92.73.1, kgraft-patch-SLE12-SP2_Update_21-1-3.3.1