First Last Prev Next    This bug is not in your last search results.
Bug 1007197 - (CVE-2016-9083) VUL-0: CVE-2016-9083, CVE-2016-9084: kernel: vfio driver integer overflow
(CVE-2016-9083)
VUL-0: CVE-2016-9083, CVE-2016-9084: kernel: vfio driver integer overflow
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/174169/
CVSSv2:RedHat:CVE-2016-9084:3.3:(AV:L...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-10-27 08:47 UTC by Johannes Segitz
Modified: 2018-07-03 18:08 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-10-27 08:47:30 UTC 
From: Vlad Tsyrklevich
    The vfio driver allows direct user access to devices. The
    VFIO_DEVICE_SET_IRQS ioctl for vfio PCI devices has a state machine
    confusion bug where specifying VFIO_IRQ_SET_DATA_NONE along with
    another bit in VFIO_IRQ_SET_DATA_TYPE_MASK in hdr.flags allows integer
    overflow checks to be skipped for hdr.start/hdr.count. This might
    allow memory corruption later in vfio_pci_set_msi_trigger() with user
    access to an appropriate vfio device file, but it seems difficult to
    usefully exploit in practice.

    https://patchwork.kernel.org/patch/9373631/


Use CVE-2016-9083 for the "state machine confusion bug."

Use CVE-2016-9084 for the separate problem fixed by "kzalloc is
changed to a kcalloc."

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9083
http://seclists.org/oss-sec/2016/q4/251
Comment 1 Swamp Workflow Management 2016-10-27 22:00:44 UTC 
bugbot adjusting priority
Comment 4 Joerg Roedel 2016-11-09 15:08:23 UTC 
Fix is backported now to all of SLE12 and relevant openSUSE branches.
Comment 5 Borislav Petkov 2016-11-09 15:42:48 UTC 
Thanks Jörg, bouncing back.
Comment 7 Swamp Workflow Management 2016-12-08 12:13:16 UTC 
openSUSE-SU-2016:3050-1: An update that solves 12 vulnerabilities and has 75 fixes is now available.

Category: security (important)
Bug References: 1000118,1000433,1001171,1001310,1001486,1001888,1003813,1004052,1004365,1004517,1005169,1005666,1005745,1005917,1005921,1005925,1005929,1006175,1006576,1006809,1006827,1006915,1006918,1007197,1007615,1007653,1007955,1008831,1008979,1009062,1009454,1010040,1010158,1010444,1010478,1010507,1010665,1010690,1010970,1011176,1011685,1011913,1012060,1012094,1012452,1012477,1012754,1012767,1012829,1012992,1013479,1013533,1013700,799133,843661,914939,954986,963609,963655,963904,964462,966186,966191,966316,966318,966325,969476,969477,971975,972993,974313,978907,979681,983087,983318,985850,986255,987805,990384,991414,992555,993739,994881,995278,997059,997807,998054
CVE References: CVE-2015-1350,CVE-2015-8964,CVE-2016-7042,CVE-2016-7913,CVE-2016-7917,CVE-2016-8632,CVE-2016-8655,CVE-2016-8666,CVE-2016-9083,CVE-2016-9084,CVE-2016-9555,CVE-2016-9794
Sources used:
openSUSE Leap 42.2 (src):    kernel-debug-4.4.36-5.1, kernel-default-4.4.36-5.1, kernel-docs-4.4.36-5.3, kernel-obs-build-4.4.36-5.1, kernel-obs-qa-4.4.36-5.1, kernel-source-4.4.36-5.1, kernel-syms-4.4.36-5.1, kernel-vanilla-4.4.36-5.1
Comment 8 Swamp Workflow Management 2016-12-08 14:08:26 UTC 
openSUSE-SU-2016:3058-1: An update that solves 16 vulnerabilities and has 12 fixes is now available.

Category: security (important)
Bug References: 1001171,1001486,1003925,1004517,1006580,1007197,1007615,1007653,1008650,1008833,1009222,1010040,1010150,1010478,1010501,1010502,1010507,1010909,1011685,1012754,1012876,1013533,934067,990384,993739,995968,999577,999907
CVE References: CVE-2015-8956,CVE-2015-8962,CVE-2015-8963,CVE-2015-8964,CVE-2016-7042,CVE-2016-7097,CVE-2016-7913,CVE-2016-8630,CVE-2016-8633,CVE-2016-8646,CVE-2016-8655,CVE-2016-9083,CVE-2016-9084,CVE-2016-9178,CVE-2016-9555,CVE-2016-9794
Sources used:
openSUSE Leap 42.1 (src):    drbd-8.4.6-12.2, hdjmod-1.28-28.2, ipset-6.25.1-9.2, kernel-debug-4.1.36-38.1, kernel-default-4.1.36-38.1, kernel-docs-4.1.36-38.2, kernel-ec2-4.1.36-38.1, kernel-obs-build-4.1.36-38.2, kernel-obs-qa-4.1.36-38.1, kernel-pae-4.1.36-38.1, kernel-pv-4.1.36-38.1, kernel-source-4.1.36-38.1, kernel-syms-4.1.36-38.1, kernel-vanilla-4.1.36-38.1, kernel-xen-4.1.36-38.1, lttng-modules-2.7.0-6.2, pcfclock-0.44-270.2, vhba-kmp-20140928-9.2
Comment 9 Swamp Workflow Management 2017-01-17 18:22:40 UTC 
SUSE-SU-2017:0181-1: An update that solves 13 vulnerabilities and has 127 fixes is now available.

Category: security (important)
Bug References: 1000118,1000189,1000287,1000304,1000433,1000776,1001169,1001171,1001310,1001462,1001486,1001888,1002322,1002770,1002786,1003068,1003566,1003581,1003606,1003813,1003866,1003964,1004048,1004052,1004252,1004365,1004517,1005169,1005327,1005545,1005666,1005745,1005895,1005917,1005921,1005923,1005925,1005929,1006103,1006175,1006267,1006528,1006576,1006804,1006809,1006827,1006915,1006918,1007197,1007615,1007653,1007955,1008557,1008979,1009062,1009969,1010040,1010158,1010444,1010478,1010507,1010665,1010690,1010970,1011176,1011250,1011913,1012060,1012094,1012452,1012767,1012829,1012992,1013001,1013479,1013531,1013700,1014120,1014392,1014701,1014710,1015212,1015359,1015367,1015416,799133,914939,922634,963609,963655,963904,964462,966170,966172,966186,966191,966316,966318,966325,966471,969474,969475,969476,969477,969756,971975,971989,972993,974313,974842,974843,978907,979378,979681,981825,983087,983152,983318,985850,986255,986987,987641,987703,987805,988524,988715,990384,992555,993739,993841,993891,994881,995278,997059,997639,997807,998054,998689,999907,999932
CVE References: CVE-2015-1350,CVE-2015-8964,CVE-2016-7039,CVE-2016-7042,CVE-2016-7425,CVE-2016-7913,CVE-2016-7917,CVE-2016-8645,CVE-2016-8666,CVE-2016-9083,CVE-2016-9084,CVE-2016-9793,CVE-2016-9919
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP2 (src):    kernel-default-4.4.38-93.1
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    kernel-docs-4.4.38-93.3, kernel-obs-build-4.4.38-93.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    kernel-default-4.4.38-93.1, kernel-source-4.4.38-93.1, kernel-syms-4.4.38-93.1
SUSE Linux Enterprise Server 12-SP2 (src):    kernel-default-4.4.38-93.1, kernel-source-4.4.38-93.1, kernel-syms-4.4.38-93.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP2_Update_4-1-2.1
SUSE Linux Enterprise High Availability 12-SP2 (src):    kernel-default-4.4.38-93.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    kernel-default-4.4.38-93.1, kernel-source-4.4.38-93.1, kernel-syms-4.4.38-93.1
Comment 10 Swamp Workflow Management 2017-02-06 20:08:07 UTC 
SUSE-SU-2017:0407-1: An update that solves 24 vulnerabilities and has 56 fixes is now available.

Category: security (important)
Bug References: 1003813,1005666,1007197,1008557,1008567,1008831,1008833,1008876,1008979,1009062,1009969,1010040,1010213,1010294,1010475,1010478,1010501,1010502,1010507,1010612,1010711,1010716,1011685,1012060,1012422,1012754,1012917,1012985,1013001,1013038,1013479,1013531,1013533,1013540,1013604,1014410,1014746,1016713,1016725,1016961,1017164,1017170,1017410,1017710,1018100,1019032,1019148,1019260,1019300,1019783,1019851,1020214,1020602,1021258,856380,857394,858727,921338,921778,922052,922056,923036,923037,924381,938963,972993,980560,981709,983087,983348,984194,984419,985850,987192,987576,990384,991273,993739,997807,999101
CVE References: CVE-2015-8962,CVE-2015-8963,CVE-2015-8964,CVE-2016-10088,CVE-2016-7910,CVE-2016-7911,CVE-2016-7913,CVE-2016-7914,CVE-2016-8399,CVE-2016-8632,CVE-2016-8633,CVE-2016-8645,CVE-2016-8655,CVE-2016-9083,CVE-2016-9084,CVE-2016-9555,CVE-2016-9576,CVE-2016-9756,CVE-2016-9793,CVE-2016-9794,CVE-2016-9806,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Real Time Extension 12-SP1 (src):    kernel-compute-3.12.69-60.30.1, kernel-compute_debug-3.12.69-60.30.1, kernel-rt-3.12.69-60.30.1, kernel-rt_debug-3.12.69-60.30.1, kernel-source-rt-3.12.69-60.30.1, kernel-syms-rt-3.12.69-60.30.1
Comment 11 Swamp Workflow Management 2017-02-14 23:09:31 UTC 
SUSE-SU-2017:0464-1: An update that solves 19 vulnerabilities and has 58 fixes is now available.

Category: security (important)
Bug References: 1003813,1005666,1007197,1008557,1008567,1008833,1008876,1008979,1009062,1009969,1010040,1010213,1010294,1010475,1010478,1010501,1010502,1010507,1010612,1010711,1010716,1012060,1012422,1012917,1012985,1013001,1013038,1013479,1013531,1013540,1013542,1014410,1014746,1016713,1016725,1016961,1017164,1017170,1017410,1017589,1017710,1018100,1019032,1019148,1019260,1019300,1019783,1019851,1020214,1020602,1021258,856380,857394,858727,921338,921778,922052,922056,923036,923037,924381,938963,972993,980560,981709,983087,983348,984194,984419,985850,987192,987576,990384,991273,993739,997807,999101
CVE References: CVE-2015-8962,CVE-2015-8963,CVE-2015-8964,CVE-2016-10088,CVE-2016-7910,CVE-2016-7911,CVE-2016-7913,CVE-2016-7914,CVE-2016-8399,CVE-2016-8633,CVE-2016-8645,CVE-2016-9083,CVE-2016-9084,CVE-2016-9756,CVE-2016-9793,CVE-2016-9806,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Workstation Extension 12-SP1 (src):    kernel-default-3.12.69-60.64.29.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    kernel-docs-3.12.69-60.64.29.3, kernel-obs-build-3.12.69-60.64.29.1
SUSE Linux Enterprise Server 12-SP1 (src):    kernel-default-3.12.69-60.64.29.1, kernel-source-3.12.69-60.64.29.1, kernel-syms-3.12.69-60.64.29.1, kernel-xen-3.12.69-60.64.29.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.69-60.64.29.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12-SP1_Update_12-1-4.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    kernel-default-3.12.69-60.64.29.1, kernel-source-3.12.69-60.64.29.1, kernel-syms-3.12.69-60.64.29.1, kernel-xen-3.12.69-60.64.29.1
Comment 12 Swamp Workflow Management 2017-02-15 20:09:01 UTC 
SUSE-SU-2017:0471-1: An update that solves 34 vulnerabilities and has 48 fixes is now available.

Category: security (important)
Bug References: 1003153,1003925,1004462,1004517,1005666,1007197,1008833,1008979,1009969,1010040,1010475,1010478,1010501,1010502,1010507,1010612,1010711,1010716,1011820,1012422,1013038,1013531,1013540,1013542,1014746,1016482,1017410,1017589,1017710,1019300,1019851,1020602,1021258,881008,915183,958606,961257,970083,971989,976195,978094,980371,980560,981038,981597,981709,982282,982544,983619,983721,983977,984148,984419,984755,985978,986362,986365,986445,986569,986572,986811,986941,987542,987565,987576,989152,990384,991608,991665,993392,993890,993891,994296,994748,994881,995968,997708,998795,999584,999600,999932,999943
CVE References: CVE-2014-9904,CVE-2015-8956,CVE-2015-8962,CVE-2015-8963,CVE-2015-8964,CVE-2016-10088,CVE-2016-4470,CVE-2016-4998,CVE-2016-5696,CVE-2016-5828,CVE-2016-5829,CVE-2016-6130,CVE-2016-6327,CVE-2016-6480,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7425,CVE-2016-7910,CVE-2016-7911,CVE-2016-7913,CVE-2016-7914,CVE-2016-8399,CVE-2016-8633,CVE-2016-8645,CVE-2016-8658,CVE-2016-9083,CVE-2016-9084,CVE-2016-9756,CVE-2016-9793,CVE-2016-9806,CVE-2017-2583,CVE-2017-2584,CVE-2017-5551
Sources used:
SUSE Linux Enterprise Server for SAP 12 (src):    kernel-default-3.12.61-52.66.1, kernel-source-3.12.61-52.66.1, kernel-syms-3.12.61-52.66.1, kernel-xen-3.12.61-52.66.1, kgraft-patch-SLE12_Update_19-1-2.1
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.66.1, kernel-source-3.12.61-52.66.1, kernel-syms-3.12.61-52.66.1, kernel-xen-3.12.61-52.66.1, kgraft-patch-SLE12_Update_19-1-2.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.66.1
Comment 13 Marcus Meissner 2017-03-02 13:09:28 UTC 
released
First Last Prev Next    This bug is not in your last search results.