Bugzilla – Bug 1057474
VUL-0: CVE-2017-12146: kernel-source: Race condition in driver_override implementation
Last modified: 2019-05-01 13:55:41 UTC
via rh bug It was found that the driver_override implementation in base/platform.c is susceptible to race condition when different threads are reading vs storing a different driver override. Upstream patch: https://github.com/torvalds/linux/commit/6265539776a0810b7ce6398c27866ddb9c6bd154 Introduced by commit: https://github.com/torvalds/linux/commit/3d713e0e382e
3d713e0e382e is in 3.17, so SLES 12 SP2 and later are affected.
this is in /sys/devices/platform/*/driver_override the files are usually reachable by root only I think.
Already included in 4.4.77 and 4.12.1. So the fix needed only for SLE12-SP0/SP1.
(In reply to Takashi Iwai from comment #3) > So the fix needed only for SLE12-SP0/SP1. And no, as already pointed out in comment #1, it's from 3.17, so they aren't affected either. We already covered all. Reassigned back to security team.
was in 4.4.90 for SLES 12 SP2 and SP3, older versions not affected.