Bugzilla – Full Text Bug Listing
Summary: VUL-0: CVE-2015-1573: kernel: panic while flushing nftables rules that reference deleted chains.
Product: [Novell Products] SUSE Security Incidents
Reporter: Johannes Segitz <jsegitz>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED UPSTREAM
QA Contact: Security Team bot <security-team>
Priority: P3 - Medium
CC: bpetkov, mhocko, mkubecek, smash_bz
Found By: Security Response Team
Services Priority:
Marketing QA Status: ---
IT Deployment: ---
Description Johannes Segitz 2015-02-11 08:21:25 UTC
Comment 1 Swamp Workflow Management 2015-02-11 23:00:15 UTC
bugbot adjusting priority
Comment 2 Borislav Petkov 2015-04-08 09:51:53 UTC
Michal, can you please take a look.
Comment 3 Michal Kubeček 2015-04-08 10:16:51 UTC
As nftables were added in mainline 3.13 and were not backported to SLE12, this should only affect openSUSE 13.2 (the fix is in 3.19-rc5 and Factory already has 3.19.3). I'll check if 13.2 is really affected and prepare a backport if it is.
Comment 4 Michal Kubeček 2015-05-14 12:56:16 UTC
After some unsuccessful attempts to reproduce the issue, I checked the code. Apparently the buggy code (and, actually, the ability to flush the entire table (not only rules in it)) wasn't added until v3.18-rc1. Therefore none of our kernels is currently vulnerable (master/stable are already fixed and released SLE/openSUSE kernels never were). Reassigning back to the Security team.
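Comments 3 and 4 pin the vulnerable code to mainline v3.18-rc1 (introduced) and 3.19-rc5 (fixed). The following script is an added example, not part of the bug report or of any SUSE tooling: it parses `uname -r` style strings, including `-rcN` tags and distribution suffixes such as `-29-desktop`, and reports whether a kernel falls inside that mainline window. Stable point releases may already carry the backported fix, so this is coarse triage only, to be confirmed against the distribution's changelog.

```python
import re

# Window taken from the bug comments: introduced in v3.18-rc1, fixed in
# 3.19-rc5. Assumption: treated as [introduced, fixed) by mainline numbering.
INTRODUCED = "3.18-rc1"
FIXED = "3.19-rc5"

# Leading "v" optional, dotted numeric part, optional "-rcN"; anything after
# that (e.g. "-29-desktop" on openSUSE 13.2) is ignored.
_VER_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:-rc(\d+))?")


def parse_kernel_version(s):
    """Turn '3.18-rc1', '3.18.5' or '3.16.7-29-desktop' into a sortable key.

    Key layout: (numeric parts padded to at least 3, is_final, rc_number), so
    that 3.18-rc1 < 3.18 < 3.18.5 < 3.19-rc5 < 3.19.3.
    """
    m = _VER_RE.match(s.strip())
    if not m:
        raise ValueError("not a kernel version: %r" % s)
    parts = [int(p) for p in m.group(1).split(".")]
    parts = tuple(parts + [0] * (3 - len(parts)))
    rc = m.group(2)
    if rc is None:
        return (parts, 1, 0)        # final release sorts after its rcs
    return (parts, 0, int(rc))      # rc sorts before the final release


def in_affected_window(version, introduced=INTRODUCED, fixed=FIXED):
    """True if version lies in [introduced, fixed) by mainline numbering."""
    v = parse_kernel_version(version)
    return parse_kernel_version(introduced) <= v < parse_kernel_version(fixed)


def triage(versions):
    """Map each uname -r string to a coarse verdict."""
    return {v: ("possibly affected" if in_affected_window(v)
                else "outside window") for v in versions}


if __name__ == "__main__":
    # Constructed sample uname -r strings (not taken from the bug report).
    sample = ["3.16.7-29-desktop", "3.18.0-rc2", "3.18.5", "3.19-rc5", "3.19.3"]
    for ver, verdict in triage(sample).items():
        print(ver, "->", verdict)
```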
Comment 5 Marcus Meissner 2016-01-22 08:14:38 UTC
Is only upstream.