Bug 964730 (CVE-2016-0774)

Summary: VUL-0: CVE-2016-0774: kernel: pipe buffer state corruption after unsuccessful atomic read from pipe
Product: [Novell Products] SUSE Security Incidents
Reporter: Sebastian Krahmer <krahmer>
Component: Incidents
Assignee: Security Team bot <security-team>
Status: RESOLVED FIXED
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: bpetkov, jslaby, krahmer, mbenes, meissner, mhocko, nfbrown, security-team, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/161521/
Whiteboard: CVSSv2:SUSE:CVE-2016-0774:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv2:RedHat:CVE-2016-0774:5.4:(AV:L/AC:M/Au:N/C:P/I:N/A:C) CVSSv2:RedHat:CVE-2015-1805:5.4:(AV:L/AC:M/Au:N/C:P/I:N/A:C) CVSSv2:SUSE:CVE-2015-1805:6.9:(AV:L/AC:M/Au:N/C:C/I:C/A:C) CVSSv2:NVD:CVE-2016-0774:5.6:(AV:L/AC:L/Au:N/C:P/I:N/A:C)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on: 964732    
Bug Blocks:    

Description Sebastian Krahmer 2016-02-02 14:56:22 UTC
Quoting from RH bugzilla:

"It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and
buffer length in sync, potentially resulting in pipe buffer overrun on 
failed atomic read.

A local, unprivileged user could use this flaw to crash the system.

Upstream Linux kernel is not affected by this flaw as it was introduced by
the Red Hat Enterprise Linux only fix for CVE-2015-1805.

Acknowledgements:

The security impact of this issue was discovered by Red Hat."


rh#1303961



References:
https://bugzilla.redhat.com/show_bug.cgi?id=1303961
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-0774
Comment 15 Jiri Slaby 2016-02-15 15:14:59 UTC
I went through my stable@ inbox and can see:
http://article.gmane.org/gmane.linux.kernel.stable/164635

It has just gone into stable-3.12.
Comment 16 Borislav Petkov 2016-02-19 21:59:08 UTC
Ok,

want me to apply it to SLE12 or are you going to?

Thanks.
Comment 17 Borislav Petkov 2016-03-03 12:16:18 UTC
Ok, fix is in SLE12{,-SP1}.

Bouncing back.
Comment 18 Swamp Workflow Management 2016-03-16 14:24:44 UTC
SUSE-SU-2016:0785-1: An update that solves 10 vulnerabilities and has 66 fixes is now available.

Category: security (important)
Bug References: 812259,816099,855062,867583,884701,899908,922071,937444,940338,940946,941363,943989,945219,947953,949752,950292,951155,955308,955654,956084,956514,957525,957986,959090,959146,959257,959463,959629,959709,960174,960227,960458,960561,960629,961257,961500,961509,961516,961588,961658,961971,962336,962356,962788,962965,963193,963449,963572,963746,963765,963767,963825,963960,964201,964730,965199,965344,965830,965840,965891,966026,966094,966278,966437,966471,966693,966864,966910,967802,968018,968074,968206,968230,968234,968253,969112
CVE References: CVE-2013-7446,CVE-2015-5707,CVE-2015-8709,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2016-0723,CVE-2016-0774,CVE-2016-2069,CVE-2016-2384
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    kernel-default-3.12.55-52.42.1
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.55-52.42.2, kernel-obs-build-3.12.55-52.42.2
SUSE Linux Enterprise Server 12 (src):    kernel-default-3.12.55-52.42.1, kernel-source-3.12.55-52.42.1, kernel-syms-3.12.55-52.42.1, kernel-xen-3.12.55-52.42.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.55-52.42.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_12-1-2.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-default-3.12.55-52.42.1, kernel-source-3.12.55-52.42.1, kernel-syms-3.12.55-52.42.1, kernel-xen-3.12.55-52.42.1
Comment 19 Swamp Workflow Management 2016-04-12 19:15:57 UTC
SUSE-SU-2016:1019-1: An update that solves 9 vulnerabilities and has 70 fixes is now available.

Category: security (important)
Bug References: 816099,867251,875631,880007,943645,944749,945219,949752,955308,956084,956852,957986,959146,959257,959463,959709,960174,960458,960561,960629,961257,961500,961516,961588,961658,963193,963746,963765,963827,963960,964201,964730,965087,965199,965830,965891,965924,966026,966094,966278,966437,966471,966693,966831,966864,966910,967047,967292,967299,967650,967651,967802,967903,968010,968018,968074,968141,968206,968230,968234,968253,968448,968512,968643,968670,969112,969439,969571,969655,969690,969735,969992,969993,970062,970160,970249,970909,971125,971360
CVE References: CVE-2015-8709,CVE-2015-8812,CVE-2015-8816,CVE-2016-2143,CVE-2016-2184,CVE-2016-2384,CVE-2016-2782,CVE-2016-3139,CVE-2016-3156
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.57-60.35.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.57-60.35.3, kernel-obs-build-3.12.57-60.35.1
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.57-60.35.1, kernel-source-3.12.57-60.35.1, kernel-syms-3.12.57-60.35.1, kernel-xen-3.12.57-60.35.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.57-60.35.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_4-1-2.3
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.57-60.35.1, kernel-source-3.12.57-60.35.1, kernel-syms-3.12.57-60.35.1, kernel-xen-3.12.57-60.35.1
Comment 20 Marcus Meissner 2016-08-01 13:17:36 UTC
released