Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: CVE-2021-22600: kernel-source,kernel-source-rt,kernel-source-azure: A double free bug in packet_set_ring() in net/packet/af_packet.c can be exploited by a local user through crafted syscalls to escalate privileges or deny service | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Robert Frohl <rfrohl> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | | |
| Priority: | P2 - High | CC: | abergmann, martin.doucha, meissner, mpdesouza, smash_bz, tbogendoerfer |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| URL: | https://smash.suse.de/issue/321782/ | | |
| Whiteboard: | CVSSv3.1:SUSE:CVE-2021-22600:8.4:(AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) | | |
| Found By: | Security Response Team | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 1195307 | | |
| Attachments: | reproducer | | |

Description
Robert Frohl
2022-01-27 08:20:39 UTC
from ec6af094ea28f0f2dda1a6a33b14cd57e36a9755
> Fixes: 61fad6816fc1 ("net/packet: tpacket_rcv: avoid a producer race condition")
introduced with v5.6, fixed with v5.16

(In reply to Robert Frohl from comment #1)
> introduced with v5.6, fixed with v5.16

Looks like it was backported by us, can find it in v5.3 too. Tracking SLE15-SP2, SLE15-SP3 and SLE15-SP4 as affected. Please confirm or let me know if I missed anything.

Fix is present in all affected branches:
SLE15-SP2-LTSS ef975a840b2a
SLE15-SP3 ef975a840b2a
SLE15-SP4 f89a0b7e8360
cve/linux-5.3 ef975a840b2a

Reassigning back to the security team.

openSUSE-SU-2022:0363-1: An update that solves 12 vulnerabilities and has 20 fixes is now available.

Category: security (critical)
Bug References: 1154353,1154488,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371
CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-4159,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942
JIRA References:
Sources used:
openSUSE Leap 15.3 (src): kernel-azure-5.3.18-150300.38.40.4, kernel-source-azure-5.3.18-150300.38.40.4, kernel-syms-azure-5.3.18-150300.38.40.1

SUSE-SU-2022:0365-1: An update that solves 7 vulnerabilities and has 9 fixes is now available.

Category: security (critical)
Bug References: 1177599,1183405,1185377,1188605,1193096,1193506,1193861,1193864,1193867,1194048,1194227,1194880,1195009,1195065,1195184,1195254
CVE References: CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-45095,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942
JIRA References:
Sources used:
SUSE Manager Server 4.1 (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-obs-build-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1
SUSE Manager Retail Branch Server 4.1 (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1
SUSE Manager Proxy 4.1 (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-obs-build-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-obs-build-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1
SUSE Linux Enterprise Server 15-SP2-BCL (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1
SUSE Linux Enterprise Realtime Extension 15-SP2 (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1
SUSE Linux Enterprise Module for Live Patching 15-SP2 (src): kernel-default-5.3.18-24.102.1, kernel-livepatch-SLE15-SP2_Update_24-1-5.3.1
SUSE Linux Enterprise Micro 5.0 (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-obs-build-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-obs-build-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1
SUSE Linux Enterprise High Availability 15-SP2 (src): kernel-default-5.3.18-24.102.1
SUSE Enterprise Storage 7 (src): kernel-default-5.3.18-24.102.1, kernel-default-base-5.3.18-24.102.1.9.48.1, kernel-docs-5.3.18-24.102.1, kernel-obs-build-5.3.18-24.102.1, kernel-preempt-5.3.18-24.102.1, kernel-source-5.3.18-24.102.1, kernel-syms-5.3.18-24.102.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:0363-1: An update that solves 12 vulnerabilities and has 20 fixes is now available.

Category: security (critical)
Bug References: 1154353,1154488,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371
CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-4159,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src): kernel-azure-5.3.18-150300.38.40.4, kernel-source-azure-5.3.18-150300.38.40.4, kernel-syms-azure-5.3.18-150300.38.40.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:0370-1: An update that solves 11 vulnerabilities and has 29 fixes is now available.

Category: security (critical)
Bug References: 1154353,1154488,1156395,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371,1195476,1195477,1195478,1195479,1195480,1195481,1195482
CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942
JIRA References:
Sources used:
SUSE Linux Enterprise Workstation Extension 15-SP3 (src): kernel-default-5.3.18-150300.59.49.1, kernel-preempt-5.3.18-150300.59.49.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src): kernel-default-5.3.18-150300.59.49.1, kernel-livepatch-SLE15-SP3_Update_14-1-150300.7.3.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src): kernel-default-5.3.18-150300.59.49.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src): kernel-docs-5.3.18-150300.59.49.1, kernel-obs-build-5.3.18-150300.59.49.1, kernel-preempt-5.3.18-150300.59.49.1, kernel-source-5.3.18-150300.59.49.1, kernel-syms-5.3.18-150300.59.49.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src): kernel-64kb-5.3.18-150300.59.49.1, kernel-default-5.3.18-150300.59.49.1, kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1, kernel-preempt-5.3.18-150300.59.49.1, kernel-source-5.3.18-150300.59.49.1, kernel-zfcpdump-5.3.18-150300.59.49.1
SUSE Linux Enterprise Micro 5.1 (src): kernel-default-5.3.18-150300.59.49.1, kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1
SUSE Linux Enterprise High Availability 15-SP3 (src): kernel-default-5.3.18-150300.59.49.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

openSUSE-SU-2022:0370-1: An update that solves 11 vulnerabilities and has 29 fixes is now available.

Category: security (critical)
Bug References: 1154353,1154488,1156395,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193767,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195062,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371,1195476,1195477,1195478,1195479,1195480,1195481,1195482
CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-44733,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-0435,CVE-2022-22942
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): dtb-aarch64-5.3.18-150300.59.49.1, kernel-preempt-5.3.18-150300.59.49.1
openSUSE Leap 15.3 (src): dtb-aarch64-5.3.18-150300.59.49.1, kernel-64kb-5.3.18-150300.59.49.1, kernel-debug-5.3.18-150300.59.49.1, kernel-default-5.3.18-150300.59.49.1, kernel-default-base-5.3.18-150300.59.49.1.150300.18.31.1, kernel-docs-5.3.18-150300.59.49.1, kernel-kvmsmall-5.3.18-150300.59.49.1, kernel-obs-build-5.3.18-150300.59.49.1, kernel-obs-qa-5.3.18-150300.59.49.1, kernel-preempt-5.3.18-150300.59.49.1, kernel-source-5.3.18-150300.59.49.1, kernel-syms-5.3.18-150300.59.49.1, kernel-zfcpdump-5.3.18-150300.59.49.1

Created attachment 856171 [details]
reproducer
Hi Martin, I managed to create a reproducer to trigger the double free issue. Do you think it could be turned into a LTP test?

(In reply to Marcos de Souza from comment #20)
> Created attachment 856171 [details]
> reproducer
>
> Hi Martin, I managed to create a reproducer to trigger the double free
> issue. Do you think it could be turned into a LTP test?

Thanks, this looks simple enough to port. I'll do it tomorrow. Or if you'd like to get familiar with LTP yourself, modifying setsockopt07 would be a straightforward way to port the reproducer:
https://github.com/linux-test-project/ltp/blob/master/testcases/kernel/syscalls/setsockopt/setsockopt07.c

SUSE-SU-2022:0543-1: An update that solves 9 vulnerabilities and has 29 fixes is now available.

Category: security (critical)
Bug References: 1154353,1154488,1156395,1160634,1176447,1177599,1183405,1185377,1187428,1187723,1188605,1191881,1193096,1193506,1193802,1193861,1193864,1193867,1194048,1194227,1194291,1194880,1195009,1195065,1195073,1195183,1195184,1195254,1195267,1195293,1195371,1195476,1195477,1195478,1195479,1195480,1195481,1195482
CVE References: CVE-2020-28097,CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-39685,CVE-2021-45095,CVE-2022-0286,CVE-2022-0330,CVE-2022-22942
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP3 (src): kernel-rt-5.3.18-150300.76.1, kernel-rt_debug-5.3.18-150300.76.1, kernel-source-rt-5.3.18-150300.76.1, kernel-syms-rt-5.3.18-150300.76.1
SUSE Linux Enterprise Micro 5.1 (src): kernel-rt-5.3.18-150300.76.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2022:0544-1: An update that solves 6 vulnerabilities and has 11 fixes is now available.

Category: security (critical)
Bug References: 1177599,1183405,1185377,1187428,1188605,1193096,1193506,1193861,1193864,1193867,1194048,1194227,1194880,1195009,1195065,1195184,1195254
CVE References: CVE-2021-22600,CVE-2021-39648,CVE-2021-39657,CVE-2021-45095,CVE-2022-0330,CVE-2022-22942
JIRA References:
Sources used:
SUSE Linux Enterprise Module for Realtime 15-SP2 (src): kernel-rt-5.3.18-73.1, kernel-rt_debug-5.3.18-73.1, kernel-source-rt-5.3.18-73.1, kernel-syms-rt-5.3.18-73.1
SUSE Linux Enterprise Micro 5.0 (src): kernel-rt-5.3.18-73.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

Fixed and released.