Bugzilla – Bug 1010492
VUL-0: CVE-2015-8961: kernel: Use after free in __ext4_journal_stop function allowing privilege escalation
Last modified: 2016-11-25 15:13:31 UTC
The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel
before 4.3.3 allows local users to gain privileges or cause a denial of service
(use-after-free) by leveraging improper access to a certain error field.
bugbot adjusting priority
So the problematic commit that introduced the bug was 9d506594069355d1fb2de3f9104667312ff08ed3 (not the one mentioned in the Fixes tag), which got merged in 4.1-rc4. The fix got into 4.4-rc5. I've checked, and the SLE12-LTSS and SLE12-SP1 branches got both involved patches from the 3.12-stable kernel. openSUSE 42.1 and thus the SLE12-SP1 ARM branches got the fix from 4.1 stable as well. SLE12-SP2 is already based on 4.4; openSUSE 13.2 and SLE11-SP4 kernels didn't get the original buggy commit. So we are fine.
Reassigning back to security-team as there's nothing more to do.