Bug 1072876 – VUL-0: CVE-2017-13167: kernel-source: sound: An elevation of privilege vulnerability in the kernel sound timer. Product:Android. Versions: Android kernel. Android ID A-37240993.

Bug 1072876 - (CVE-2017-13167) VUL-0: CVE-2017-13167: kernel-source: sound: An elevation of privilege vulnerability in the kernel sound timer. Product:Android. Versions: Android kernel. Android ID A-37240993.

(CVE-2017-13167)
Summary:	VUL-0: CVE-2017-13167: kernel-source: sound: An elevation of privilege vulner...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/196269/
Whiteboard:	CVSSv2:SUSE:CVE-2017-13167:3.3:(AV:L/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-12-14 13:15 UTC by Marcus Meissner
Modified:	2020-06-16 18:01 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2017-12-14 13:15:12 UTC

CVE-2017-13167

An elevation of privilege vulnerability in the kernel sound timer. Product:
Android. Versions: Android kernel. Android ID A-37240993.

https://github.com/LineageOS/android_kernel_lge_msm8974/commit/bc40d148e91f490cc7dc0fbeb670985d94867255

Torvalds kernel: c3b1681375dc6e71d89a3ae00cc3ce9e775a8917 

https://github.com/LineageOS/android_kernel_lge_msm8974/commit/0878ae3cc840306ac6ccd1a09076c975e5a4e096


References:
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-13167.html

Comment 1 Takashi Iwai 2017-12-14 13:26:41 UTC

SLE12 and later already contain the fix.
Still missing in cve/linux-3.0 and earlier branches.

But this report looks bogus.  The commit doesn't change the behavior by itself, it's merely a code cleanup.  If this would fix anything alone, I'd like to know the details.

I know that there are a few other commits after this one that really fix security issues, but it's a different thing...

Comment 2 Takashi Iwai 2017-12-14 16:08:42 UTC

That said, if we see what this commit actually fixes, I'll backport it to older distros.  Otherwise it's just a fiasco without any sense.

Comment 3 Takashi Iwai 2017-12-18 10:47:06 UTC

Now I see what's missing:
the actual fix commit is
4dff5c7b7093b19c19d3a100f8a3ad87cb7cd9e7
    ALSA: timer: Fix race at concurrent reads

The commit c3b1681375dc is merely a preliminary patch for that.

The commit 4dff5c7b7093 is included in 4.4.2 kernel, so SLE12+ are OK.

Comment 4 Takashi Iwai 2017-12-18 10:57:33 UTC

(In reply to Takashi Iwai from comment #3)
> The commit 4dff5c7b7093 is included in 4.4.2 kernel, so SLE12+ are OK.

Erm, missing in cve/linux-3.12.  We need the fix for cve/linux-3.12 and earlier.
Will work on it.

Comment 5 Takashi Iwai 2017-12-18 14:09:53 UTC

The fix was pushed to my cve/linux-3.12, cve/linux-3.0, cve/linux-2.6.32 and cve/linux-2.6.16 branches.

Reassigned back to security team.

Comment 6 Swamp Workflow Management 2018-01-04 11:18:48 UTC

SUSE-SU-2018:0011-1: An update that solves 17 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 1013018,1024612,1034862,1045479,1045538,1047487,1048185,1050231,1050431,1056982,1063043,1065180,1065600,1066569,1066693,1066973,1068032,1068671,1068984,1069702,1070771,1070964,1071074,1071470,1071695,1072457,1072561,1072876,1073792,1073874
CVE References: CVE-2017-11600,CVE-2017-13167,CVE-2017-14106,CVE-2017-15115,CVE-2017-15868,CVE-2017-16534,CVE-2017-16538,CVE-2017-16939,CVE-2017-17450,CVE-2017-17558,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7472,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-108.21.2
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-108.21.1, kernel-default-3.0.101-108.21.1, kernel-ec2-3.0.101-108.21.1, kernel-pae-3.0.101-108.21.1, kernel-ppc64-3.0.101-108.21.1, kernel-source-3.0.101-108.21.1, kernel-syms-3.0.101-108.21.1, kernel-trace-3.0.101-108.21.1, kernel-xen-3.0.101-108.21.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.21.1, kernel-pae-3.0.101-108.21.1, kernel-ppc64-3.0.101-108.21.1, kernel-trace-3.0.101-108.21.1, kernel-xen-3.0.101-108.21.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.21.1, kernel-default-3.0.101-108.21.1, kernel-ec2-3.0.101-108.21.1, kernel-pae-3.0.101-108.21.1, kernel-ppc64-3.0.101-108.21.1, kernel-trace-3.0.101-108.21.1, kernel-xen-3.0.101-108.21.1

Comment 7 Swamp Workflow Management 2018-01-05 20:10:53 UTC

SUSE-SU-2018:0031-1: An update that solves 14 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1012422,1045205,1050231,1066569,1066693,1067678,1068032,1068671,1070771,1070781,1071074,1071470,1071693,1071694,1071695,1072561,1072876
CVE References: CVE-2017-11600,CVE-2017-13167,CVE-2017-15115,CVE-2017-15868,CVE-2017-16534,CVE-2017-16538,CVE-2017-17448,CVE-2017-17449,CVE-2017-17450,CVE-2017-17558,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-8824
Sources used:
SUSE OpenStack Cloud 6 (src):    kernel-default-3.12.74-60.64.69.1, kernel-source-3.12.74-60.64.69.1, kernel-syms-3.12.74-60.64.69.1, kernel-xen-3.12.74-60.64.69.1, kgraft-patch-SLE12-SP1_Update_24-1-2.3.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.69.1, kernel-source-3.12.74-60.64.69.1, kernel-syms-3.12.74-60.64.69.1, kernel-xen-3.12.74-60.64.69.1, kgraft-patch-SLE12-SP1_Update_24-1-2.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.69.1, kernel-source-3.12.74-60.64.69.1, kernel-syms-3.12.74-60.64.69.1, kernel-xen-3.12.74-60.64.69.1, kgraft-patch-SLE12-SP1_Update_24-1-2.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.69.1

Comment 8 Swamp Workflow Management 2018-01-08 20:11:48 UTC

SUSE-SU-2018:0040-1: An update that solves 32 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1010175,1034862,1045327,1050231,1052593,1056982,1057179,1057389,1058524,1062520,1063544,1063667,1066295,1066472,1066569,1066573,1066606,1066618,1066625,1066650,1066671,1066693,1066700,1066705,1067085,1068032,1068671,1069702,1069708,1070771,1071074,1071470,1071695,1072561,1072876,1073792,1073874,1074033,999245
CVE References: CVE-2017-1000251,CVE-2017-11600,CVE-2017-13080,CVE-2017-13167,CVE-2017-14106,CVE-2017-14140,CVE-2017-14340,CVE-2017-15102,CVE-2017-15115,CVE-2017-15265,CVE-2017-15274,CVE-2017-15868,CVE-2017-16525,CVE-2017-16527,CVE-2017-16529,CVE-2017-16531,CVE-2017-16534,CVE-2017-16535,CVE-2017-16536,CVE-2017-16537,CVE-2017-16538,CVE-2017-16649,CVE-2017-16939,CVE-2017-17450,CVE-2017-17558,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7472,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-source-3.0.101-0.47.106.11.1, kernel-syms-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-ppc64-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-source-3.0.101-0.47.106.11.1, kernel-syms-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.11.1, kernel-default-3.0.101-0.47.106.11.1, kernel-ec2-3.0.101-0.47.106.11.1, kernel-pae-3.0.101-0.47.106.11.1, kernel-trace-3.0.101-0.47.106.11.1, kernel-xen-3.0.101-0.47.106.11.1

Comment 9 Swamp Workflow Management 2018-01-16 20:11:57 UTC

SUSE-SU-2018:0115-1: An update that solves 14 vulnerabilities and has one errata is now available.

Category: security (important)
Bug References: 1045205,1050231,1066569,1066693,1068032,1068671,1070771,1070781,1071074,1071470,1071693,1071694,1071695,1072561,1072876
CVE References: CVE-2017-11600,CVE-2017-13167,CVE-2017-15115,CVE-2017-15868,CVE-2017-16534,CVE-2017-16538,CVE-2017-17448,CVE-2017-17449,CVE-2017-17450,CVE-2017-17558,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.111.1, kernel-source-3.12.61-52.111.1, kernel-syms-3.12.61-52.111.1, kernel-xen-3.12.61-52.111.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.111.1

Comment 10 Swamp Workflow Management 2018-01-23 17:18:26 UTC

SUSE-SU-2018:0180-1: An update that solves 26 vulnerabilities and has 24 fixes is now available.

Category: security (important)
Bug References: 1012917,1013018,1024612,1034862,1045205,1045479,1045538,1047487,1048185,1050231,1050431,1051133,1054305,1056982,1063043,1064803,1064861,1065180,1065600,1066471,1066472,1066569,1066573,1066606,1066618,1066625,1066650,1066671,1066693,1066700,1066705,1066973,1067085,1067816,1067888,1068032,1068671,1068984,1069702,1070771,1070964,1071074,1071470,1071695,1072457,1072561,1072876,1073792,1073874,1074709
CVE References: CVE-2017-11600,CVE-2017-13167,CVE-2017-14106,CVE-2017-15102,CVE-2017-15115,CVE-2017-15868,CVE-2017-16525,CVE-2017-16527,CVE-2017-16529,CVE-2017-16531,CVE-2017-16534,CVE-2017-16535,CVE-2017-16536,CVE-2017-16537,CVE-2017-16538,CVE-2017-16649,CVE-2017-16939,CVE-2017-17450,CVE-2017-17558,CVE-2017-17805,CVE-2017-17806,CVE-2017-5715,CVE-2017-5753,CVE-2017-5754,CVE-2017-7472,CVE-2017-8824
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.14.1, kernel-rt_trace-3.0.101.rt130-69.14.1, kernel-source-rt-3.0.101.rt130-69.14.1, kernel-syms-rt-3.0.101.rt130-69.14.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.14.1, kernel-rt_debug-3.0.101.rt130-69.14.1, kernel-rt_trace-3.0.101.rt130-69.14.1

Comment 11 Marcus Meissner 2018-02-09 08:03:41 UTC

released