Bug 900392 (CVE-2014-7975)

Summary: VUL-0: CVE-2014-7975: kernel-source: unmount denial of service
Product: [Novell Products] SUSE Security Incidents Reporter: Victor Pereira <vpereira>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: mhocko, mszeredi
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: proposed patch
testcase

Description Victor Pereira 2014-10-09 07:44:40 UTC 
Created attachment 609413 [details]
proposed patch

Accessing do_remount_sb should require global CAP_SYS_ADMIN, but
only one of the two call sites was appropriately protected.

patch and proof of concept included:

references:

http://thread.gmane.org/gmane.linux.kernel.stable/109312
Comment 1 Victor Pereira 2014-10-09 07:47:23 UTC 
Created attachment 609415 [details]
testcase
Comment 2 Swamp Workflow Management 2014-10-09 22:00:13 UTC 
bugbot adjusting priority
Comment 4 Michal Marek 2014-11-07 14:55:35 UTC 
This is a1480dcc3c706e309a88884723446f2e84fedd5b now. It has been backported to 3.12.32, so SLE12 is covered.
Comment 5 Miklos Szeredi 2014-12-01 15:31:35 UTC 
bug introduced in v3.8 by

   0c55cfc4166d vfs: Allow unprivileged manipulation of the mount namespace.

Not vulnerable:

  SLE11
  openSUSE-12.3

Already fixed:

  HEAD
  SLE12
  openSUSE-13.2

Fix pushed to:

  openSUSE-13.1
Comment 6 Swamp Workflow Management 2014-12-21 12:10:47 UTC 
openSUSE-SU-2014:1677-1: An update that solves 31 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 818966,835839,853040,856659,864375,865882,873790,875051,881008,882639,882804,883518,883724,883948,883949,884324,887046,887082,889173,890114,891689,892490,893429,896382,896385,896390,896391,896392,896689,897736,899785,900392,902346,902349,902351,904013,904700,905100,905744,907818,908163,909077,910251
CVE References: CVE-2013-2891,CVE-2013-2898,CVE-2014-0181,CVE-2014-0206,CVE-2014-1739,CVE-2014-3181,CVE-2014-3182,CVE-2014-3184,CVE-2014-3185,CVE-2014-3186,CVE-2014-3673,CVE-2014-3687,CVE-2014-3688,CVE-2014-4171,CVE-2014-4508,CVE-2014-4608,CVE-2014-4611,CVE-2014-4943,CVE-2014-5077,CVE-2014-5206,CVE-2014-5207,CVE-2014-5471,CVE-2014-5472,CVE-2014-6410,CVE-2014-7826,CVE-2014-7841,CVE-2014-7975,CVE-2014-8133,CVE-2014-8709,CVE-2014-9090,CVE-2014-9322
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.16.1, crash-7.0.2-2.16.1, hdjmod-1.28-16.16.1, ipset-6.21.1-2.20.1, iscsitarget-1.4.20.3-13.16.1, kernel-docs-3.11.10-25.2, kernel-source-3.11.10-25.1, kernel-syms-3.11.10-25.1, ndiswrapper-1.58-16.1, pcfclock-0.44-258.16.1, vhba-kmp-20130607-2.17.1, virtualbox-4.2.18-2.21.1, xen-4.3.2_02-30.1, xtables-addons-2.3-2.16.1
Comment 7 Marcus Meissner 2015-03-05 08:03:22 UTC 
released