Bug 1008374 - (CVE-2015-8970) VUL-0: CVE-2015-8970: kernel: crypto: GPF in lrw_crypt caused by null-deref
(CVE-2015-8970)
VUL-0: CVE-2015-8970: kernel: crypto: GPF in lrw_crypt caused by null-deref
Status: RESOLVED FIXED
: 1008850 (view as bug list)
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: unspecified
Assigned To: Torsten Duwe
Security Team bot
CVSSv2:NVD:CVE-2015-8970:4.9:(AV:L/AC...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-11-03 17:07 UTC by Mikhail Kasimov
Modified: 2019-12-10 10:10 UTC (History)
7 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mikhail Kasimov 2016-11-03 17:07:55 UTC
Reference: http://seclists.org/oss-sec/2016/q4/324
========================================================
Hello,

We would like to ask for a CVE-ID for the following security flaw.

The lrw_crypt() function in 'crypto/lrw.c' in the Linux kernel
before 4.5 allows local users to cause a system crash and a denial
of service by the NULL pointer dereference via accept(2) system call
for AF_ALG socket without calling setkey() first to set a cipher key.

Initial discussion:
https://groups.google.com/forum/#!msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ

Red Hat Product Security Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1386286

Initial upstream patch (followed by a set of the related patches):
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f

Best regards,
Vladis Dronov | Red Hat, Inc. | Product Security Engineer
========================================================
Comment 1 Swamp Workflow Management 2016-11-03 23:02:09 UTC
bugbot adjusting priority
Comment 7 Mikhail Kasimov 2016-11-05 18:02:09 UTC
've re-assigned this report on security-team, because here are a lot of ping-pong needinfo-alerts between two departments. Obviously, this security report was initially assigned on Kernel section of bugzilla, which was wrong.
Comment 8 Borislav Petkov 2016-11-05 18:19:04 UTC
(In reply to Mikhail Kasimov from comment #7)
> 've re-assigned this report on security-team, because here are a lot of
> ping-pong needinfo-alerts between two departments. Obviously, this security
> report was initially assigned on Kernel section of bugzilla, which was wrong.

Please don't touch it, we're handling it. The assigning is correct.
Comment 9 Mikhail Kasimov 2016-11-05 18:21:46 UTC
(In reply to Borislav Petkov from comment #8)
> (In reply to Mikhail Kasimov from comment #7)
> > 've re-assigned this report on security-team, because here are a lot of
> > ping-pong needinfo-alerts between two departments. Obviously, this security
> > report was initially assigned on Kernel section of bugzilla, which was wrong.
> 
> Please don't touch it, we're handling it. The assigning is correct.

ok, got it.
Comment 13 Sebastian Krahmer 2016-11-14 13:30:47 UTC
*** Bug 1008850 has been marked as a duplicate of this bug. ***
Comment 15 Torsten Duwe 2017-01-25 14:32:20 UTC
Fixed kernel is on its way.
Comment 17 Swamp Workflow Management 2017-02-17 17:10:15 UTC
SUSE-SU-2017:0494-1: An update that solves 27 vulnerabilities and has 48 fixes is now available.

Category: security (important)
Bug References: 1001419,1002165,1003077,1003253,1003925,1004517,1007944,1008374,1008645,1008831,1008833,1008850,1009875,1010150,1010467,1010501,1010507,1010711,1010713,1010716,1011685,1011820,1012183,1012422,1012832,1012851,1012852,1012895,1013038,1013042,1013531,1013542,1014454,1014746,1015878,1017710,1018446,1019079,1019783,1021258,821612,824171,914939,929141,935436,956514,961923,966826,967716,969340,973691,979595,987576,989152,989261,991665,992566,992569,992906,992991,993890,993891,994296,994618,994759,995968,996329,996541,996557,997059,997401,997708,998689,999932,999943
CVE References: CVE-2004-0230,CVE-2012-6704,CVE-2015-1350,CVE-2015-8956,CVE-2015-8962,CVE-2015-8964,CVE-2015-8970,CVE-2016-0823,CVE-2016-10088,CVE-2016-3841,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7117,CVE-2016-7425,CVE-2016-7910,CVE-2016-7911,CVE-2016-7916,CVE-2016-8399,CVE-2016-8632,CVE-2016-8633,CVE-2016-8646,CVE-2016-9555,CVE-2016-9685,CVE-2016-9756,CVE-2016-9793,CVE-2017-5551
Sources used:
SUSE OpenStack Cloud 5 (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Manager Proxy 2.1 (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Manager 2.1 (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-pae-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-pae-3.0.101-0.47.96.1, kernel-ppc64-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-pae-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-pae-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
Comment 18 Swamp Workflow Management 2017-05-15 19:33:51 UTC
SUSE-SU-2017:1301-1: An update that solves 18 vulnerabilities and has 41 fixes is now available.

Category: security (important)
Bug References: 1005651,1008374,1008893,1013018,1013070,1013800,1013862,1016489,1017143,1018263,1018446,1019168,1020229,1021256,1021913,1022971,1023014,1023163,1023888,1024508,1024788,1024938,1025235,1025702,1026024,1026260,1026722,1026914,1027066,1027101,1027178,1028415,1028880,1029212,1029770,1030213,1030573,1031003,1031052,1031440,1031579,1032141,1033336,1033771,1033794,1033804,1033816,1034026,909486,911105,931620,979021,982783,983212,985561,988065,989056,995542,999245
CVE References: CVE-2015-3288,CVE-2015-8970,CVE-2016-10200,CVE-2016-5243,CVE-2017-2671,CVE-2017-5669,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6348,CVE-2017-6353,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7616
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-100.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-100.1, kernel-default-3.0.101-100.1, kernel-ec2-3.0.101-100.1, kernel-pae-3.0.101-100.1, kernel-ppc64-3.0.101-100.1, kernel-source-3.0.101-100.1, kernel-syms-3.0.101-100.1, kernel-trace-3.0.101-100.1, kernel-xen-3.0.101-100.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-100.1, kernel-pae-3.0.101-100.1, kernel-ppc64-3.0.101-100.1, kernel-trace-3.0.101-100.1, kernel-xen-3.0.101-100.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-100.1, kernel-default-3.0.101-100.1, kernel-ec2-3.0.101-100.1, kernel-pae-3.0.101-100.1, kernel-ppc64-3.0.101-100.1, kernel-trace-3.0.101-100.1, kernel-xen-3.0.101-100.1
Comment 19 Swamp Workflow Management 2017-09-04 19:11:44 UTC
SUSE-SU-2017:2342-1: An update that solves 44 vulnerabilities and has 135 fixes is now available.

Category: security (important)
Bug References: 1003077,1005651,1008374,1008850,1008893,1012422,1013018,1013070,1013800,1013862,1016489,1017143,1018074,1018263,1018446,1019168,1020229,1021256,1021913,1022971,1023014,1023051,1023163,1023888,1024508,1024788,1024938,1025235,1025702,1026024,1026260,1026722,1026914,1027066,1027101,1027178,1027565,1028372,1028415,1028880,1029140,1029212,1029770,1029850,1030213,1030552,1030573,1030593,1030814,1031003,1031052,1031440,1031579,1032141,1032340,1032471,1033287,1033336,1033771,1033794,1033804,1033816,1034026,1034670,1035576,1035777,1035920,1036056,1036288,1036629,1037182,1037183,1037191,1037193,1037227,1037232,1037233,1037356,1037358,1037359,1037441,1038544,1038879,1038981,1038982,1039258,1039348,1039354,1039456,1039594,1039882,1039883,1039885,1040069,1040351,1041160,1041431,1041762,1041975,1042045,1042200,1042615,1042633,1042687,1042832,1043014,1043234,1043935,1044015,1044125,1044216,1044230,1044854,1044882,1044913,1044985,1045154,1045340,1045356,1045406,1045416,1045525,1045538,1045547,1045615,1046107,1046122,1046192,1046715,1047027,1047053,1047343,1047354,1047487,1047523,1047653,1048185,1048221,1048232,1048275,1049483,1049603,1049688,1049882,1050154,1050431,1051478,1051515,1051770,784815,792863,799133,870618,909486,909618,911105,919382,928138,931620,938352,943786,948562,962257,970956,971975,972891,979021,982783,983212,985561,986362,986365,986924,988065,989056,990682,991651,995542,999245
CVE References: CVE-2014-9922,CVE-2015-3288,CVE-2015-8970,CVE-2016-10200,CVE-2016-2188,CVE-2016-4997,CVE-2016-4998,CVE-2016-5243,CVE-2016-7117,CVE-2017-1000363,CVE-2017-1000364,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-11176,CVE-2017-11473,CVE-2017-2636,CVE-2017-2647,CVE-2017-2671,CVE-2017-5669,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6348,CVE-2017-6353,CVE-2017-6951,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7482,CVE-2017-7487,CVE-2017-7533,CVE-2017-7542,CVE-2017-7616,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.5.1, kernel-rt_trace-3.0.101.rt130-69.5.1, kernel-source-rt-3.0.101.rt130-69.5.1, kernel-syms-rt-3.0.101.rt130-69.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.5.1, kernel-rt_debug-3.0.101.rt130-69.5.1, kernel-rt_trace-3.0.101.rt130-69.5.1