Bug 1008850 - VUL-0: CVE-2015-8970: kernel: GPF in lrw_crypt caused by null-deref
VUL-0: CVE-2015-8970: kernel: GPF in lrw_crypt caused by null-deref
Status: RESOLVED DUPLICATE of bug 1008374
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: E-mail List
Security Team bot
https://smash.suse.de/issue/174477/
CVSSv2:SUSE:CVE-2015-8970:4.7:(AV:L/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-11-07 10:45 UTC by Sebastian Krahmer
Modified: 2021-08-25 09:18 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2016-11-07 10:45:02 UTC
Quoting oss-sec:

The lrw_crypt() function in 'crypto/lrw.c' in the Linux kernel
before 4.5 allows local users to cause a system crash and a denial
of service by the NULL pointer dereference via accept(2) system call
for AF_ALG socket without calling setkey() first to set a cipher key.

Initial discussion:
https://groups.google.com/forum/#!msg/syzkaller/frb2XrB5aWk/xCXzkIBcDAAJ

Red Hat Product Security Bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=1386286

Initial upstream patch (followed by a set of the related patches):
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=dd504589577d8e8e70f51f997ad487a4cb6c026f


CVE-2015-8970



References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8970
http://seclists.org/oss-sec/2016/q4/330
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8970.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8970
Comment 1 Swamp Workflow Management 2016-11-07 23:02:42 UTC
bugbot adjusting priority
Comment 3 Sebastian Krahmer 2016-11-14 13:30:47 UTC
indeed

*** This bug has been marked as a duplicate of bug 1008374 ***
Comment 4 Swamp Workflow Management 2017-02-17 17:11:10 UTC
SUSE-SU-2017:0494-1: An update that solves 27 vulnerabilities and has 48 fixes is now available.

Category: security (important)
Bug References: 1001419,1002165,1003077,1003253,1003925,1004517,1007944,1008374,1008645,1008831,1008833,1008850,1009875,1010150,1010467,1010501,1010507,1010711,1010713,1010716,1011685,1011820,1012183,1012422,1012832,1012851,1012852,1012895,1013038,1013042,1013531,1013542,1014454,1014746,1015878,1017710,1018446,1019079,1019783,1021258,821612,824171,914939,929141,935436,956514,961923,966826,967716,969340,973691,979595,987576,989152,989261,991665,992566,992569,992906,992991,993890,993891,994296,994618,994759,995968,996329,996541,996557,997059,997401,997708,998689,999932,999943
CVE References: CVE-2004-0230,CVE-2012-6704,CVE-2015-1350,CVE-2015-8956,CVE-2015-8962,CVE-2015-8964,CVE-2015-8970,CVE-2016-0823,CVE-2016-10088,CVE-2016-3841,CVE-2016-6828,CVE-2016-7042,CVE-2016-7097,CVE-2016-7117,CVE-2016-7425,CVE-2016-7910,CVE-2016-7911,CVE-2016-7916,CVE-2016-8399,CVE-2016-8632,CVE-2016-8633,CVE-2016-8646,CVE-2016-9555,CVE-2016-9685,CVE-2016-9756,CVE-2016-9793,CVE-2017-5551
Sources used:
SUSE OpenStack Cloud 5 (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Manager Proxy 2.1 (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Manager 2.1 (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-pae-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-pae-3.0.101-0.47.96.1, kernel-ppc64-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-pae-3.0.101-0.47.96.1, kernel-source-3.0.101-0.47.96.1, kernel-syms-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.96.1, kernel-default-3.0.101-0.47.96.1, kernel-ec2-3.0.101-0.47.96.1, kernel-pae-3.0.101-0.47.96.1, kernel-trace-3.0.101-0.47.96.1, kernel-xen-3.0.101-0.47.96.1
Comment 5 Swamp Workflow Management 2017-09-04 19:11:54 UTC
SUSE-SU-2017:2342-1: An update that solves 44 vulnerabilities and has 135 fixes is now available.

Category: security (important)
Bug References: 1003077,1005651,1008374,1008850,1008893,1012422,1013018,1013070,1013800,1013862,1016489,1017143,1018074,1018263,1018446,1019168,1020229,1021256,1021913,1022971,1023014,1023051,1023163,1023888,1024508,1024788,1024938,1025235,1025702,1026024,1026260,1026722,1026914,1027066,1027101,1027178,1027565,1028372,1028415,1028880,1029140,1029212,1029770,1029850,1030213,1030552,1030573,1030593,1030814,1031003,1031052,1031440,1031579,1032141,1032340,1032471,1033287,1033336,1033771,1033794,1033804,1033816,1034026,1034670,1035576,1035777,1035920,1036056,1036288,1036629,1037182,1037183,1037191,1037193,1037227,1037232,1037233,1037356,1037358,1037359,1037441,1038544,1038879,1038981,1038982,1039258,1039348,1039354,1039456,1039594,1039882,1039883,1039885,1040069,1040351,1041160,1041431,1041762,1041975,1042045,1042200,1042615,1042633,1042687,1042832,1043014,1043234,1043935,1044015,1044125,1044216,1044230,1044854,1044882,1044913,1044985,1045154,1045340,1045356,1045406,1045416,1045525,1045538,1045547,1045615,1046107,1046122,1046192,1046715,1047027,1047053,1047343,1047354,1047487,1047523,1047653,1048185,1048221,1048232,1048275,1049483,1049603,1049688,1049882,1050154,1050431,1051478,1051515,1051770,784815,792863,799133,870618,909486,909618,911105,919382,928138,931620,938352,943786,948562,962257,970956,971975,972891,979021,982783,983212,985561,986362,986365,986924,988065,989056,990682,991651,995542,999245
CVE References: CVE-2014-9922,CVE-2015-3288,CVE-2015-8970,CVE-2016-10200,CVE-2016-2188,CVE-2016-4997,CVE-2016-4998,CVE-2016-5243,CVE-2016-7117,CVE-2017-1000363,CVE-2017-1000364,CVE-2017-1000365,CVE-2017-1000380,CVE-2017-11176,CVE-2017-11473,CVE-2017-2636,CVE-2017-2647,CVE-2017-2671,CVE-2017-5669,CVE-2017-5970,CVE-2017-5986,CVE-2017-6074,CVE-2017-6214,CVE-2017-6348,CVE-2017-6353,CVE-2017-6951,CVE-2017-7184,CVE-2017-7187,CVE-2017-7261,CVE-2017-7294,CVE-2017-7308,CVE-2017-7482,CVE-2017-7487,CVE-2017-7533,CVE-2017-7542,CVE-2017-7616,CVE-2017-8890,CVE-2017-8924,CVE-2017-8925,CVE-2017-9074,CVE-2017-9075,CVE-2017-9076,CVE-2017-9077,CVE-2017-9242
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.5.1, kernel-rt_trace-3.0.101.rt130-69.5.1, kernel-source-rt-3.0.101.rt130-69.5.1, kernel-syms-rt-3.0.101.rt130-69.5.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.5.1, kernel-rt_debug-3.0.101.rt130-69.5.1, kernel-rt_trace-3.0.101.rt130-69.5.1