Bug 1010492 - (CVE-2015-8961) VUL-0: CVE-2015-8961: kernel: Use after free in __ext4_journal_stop function allowing privilege escalation
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/176391/
CVSSv2:NVD:CVE-2015-8961:9.3:(AV:N/A...
Reported: 2016-11-16 14:26 UTC by Johannes Segitz
Modified: 2016-11-25 15:13 UTC

Found By: Security Response Team
Description Johannes Segitz 2016-11-16 14:26:33 UTC
CVE-2015-8961

The __ext4_journal_stop function in fs/ext4/ext4_jbd2.c in the Linux kernel
before 4.3.3 allows local users to gain privileges or cause a denial of service
(use-after-free) by leveraging improper access to a certain error field.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8961
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8961
https://github.com/torvalds/linux/commit/6934da9238da947628be83635e365df41064b09b
http://source.android.com/security/bulletin/2016-11-01.html
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6934da9238da947628be83635e365df41064b09b
Comment 2 Swamp Workflow Management 2016-11-16 23:04:09 UTC
bugbot adjusting priority
Comment 3 Jan Kara 2016-11-21 13:05:14 UTC
So the problematic commit that introduced the bug was 9d506594069355d1fb2de3f9104667312ff08ed3 (not the one mentioned in the Fixes tag) which got merged in 4.1-rc4. The fix got into 4.4-rc5. I've checked and SLE12-LTSS and SLE12-SP1 branches got both involved patches from the 3.12-stable kernel. openSUSE 42.1 and thus SLE12-SP1 ARM branches got the fix from 4.1 stable as well. SLE12-SP2 is already based on 4.4, openSUSE 13.2 and SLE11-SP4 kernels didn't get the original buggy commit. So we are fine.

Reassigning back to security-team as there's nothing more to do.
Comment 4 Marcus Meissner 2016-11-25 15:13:31 UTC
thanks!