Bug 1075908 - (CVE-2017-13215) VUL-0: CVE-2017-13215: kernel-source: A elevation of privilege vulnerability in the Upstream kernel skcipher. Product:Android. Versions: Android kernel. Android ID: A-64386293. References: Upstreamkernel.
(CVE-2017-13215)
VUL-0: CVE-2017-13215: kernel-source: A elevation of privilege vulnerability ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/198234/
CVSSv3:SUSE:CVE-2017-13215:5.3:(AV:L/...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-01-14 17:02 UTC by Marcus Meissner
Modified: 2020-06-15 13:27 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Marcus Meissner 2018-01-17 13:42:13 UTC
commit 4f0414e54e4d1893c6f08260693f8ef84c929293 is in 
patches.kernel.org/patch-4.4.1-2, so SLES 12 SP2 and SP3 are fixed from the beginning.
Comment 2 Marcus Meissner 2018-01-17 13:44:15 UTC
3.12 currently seems to have this issue. (code looks a bit differen,t but the scatter gather calculation is at the begin of the loop).
Comment 3 Marcus Meissner 2018-01-17 13:44:37 UTC
same for 3.0
Comment 4 Takashi Iwai 2018-01-17 14:55:45 UTC
OK, the fix was backported to cve/linux-3.12 and cve/linux-3.0 branches.
The older branches have no relevant codes, and the newer branches have already the fix.
Comment 5 Swamp Workflow Management 2018-02-13 20:10:15 UTC
SUSE-SU-2018:0437-1: An update that solves 8 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 1012382,1047626,1068032,1070623,1073311,1073792,1073874,1075091,1075908,1075994,1076017,1076110,1076154,1076278,1077355,1077560,1077922,893777,893949,902893,951638
CVE References: CVE-2015-1142857,CVE-2017-13215,CVE-2017-17741,CVE-2017-17805,CVE-2017-17806,CVE-2017-18079,CVE-2017-5715,CVE-2018-1000004
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.119.1, kernel-source-3.12.61-52.119.1, kernel-syms-3.12.61-52.119.1, kernel-xen-3.12.61-52.119.1, kgraft-patch-SLE12_Update_31-1-1.7.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.119.1
Comment 6 Swamp Workflow Management 2018-02-22 20:10:03 UTC
SUSE-SU-2018:0525-1: An update that solves 8 vulnerabilities and has 19 fixes is now available.

Category: security (important)
Bug References: 1012382,1047118,1047626,1068032,1070623,1073246,1073311,1073792,1073874,1074709,1075091,1075411,1075908,1075994,1076017,1076110,1076154,1076278,1077182,1077355,1077560,1077922,1081317,893777,893949,902893,951638
CVE References: CVE-2015-1142857,CVE-2017-13215,CVE-2017-17741,CVE-2017-17805,CVE-2017-17806,CVE-2017-18079,CVE-2017-5715,CVE-2018-1000004
Sources used:
SUSE OpenStack Cloud 6 (src):    kernel-default-3.12.74-60.64.82.1, kernel-source-3.12.74-60.64.82.1, kernel-syms-3.12.74-60.64.82.1, kernel-xen-3.12.74-60.64.82.1, kgraft-patch-SLE12-SP1_Update_25-1-2.9.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.82.1, kernel-source-3.12.74-60.64.82.1, kernel-syms-3.12.74-60.64.82.1, kernel-xen-3.12.74-60.64.82.1, kgraft-patch-SLE12-SP1_Update_25-1-2.9.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.82.1, kernel-source-3.12.74-60.64.82.1, kernel-syms-3.12.74-60.64.82.1, kernel-xen-3.12.74-60.64.82.1, kgraft-patch-SLE12-SP1_Update_25-1-2.9.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.82.1
Comment 7 Swamp Workflow Management 2018-02-27 20:12:22 UTC
SUSE-SU-2018:0555-1: An update that solves 9 vulnerabilities and has 40 fixes is now available.

Category: security (important)
Bug References: 1012382,1045538,1048585,1050431,1054305,1059174,1060279,1060682,1063544,1064861,1068032,1068984,1069508,1070623,1070781,1073311,1074488,1074621,1074880,1075088,1075091,1075410,1075617,1075621,1075908,1075994,1076017,1076154,1076278,1076437,1076849,1077191,1077355,1077406,1077487,1077560,1077922,1078875,1079917,1080133,1080359,1080363,1080372,1080579,1080685,1080774,1081500,936530,962257
CVE References: CVE-2015-1142857,CVE-2017-13215,CVE-2017-17741,CVE-2017-18017,CVE-2017-18079,CVE-2017-5715,CVE-2018-1000004,CVE-2018-5332,CVE-2018-5333
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-108.35.1
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-108.35.1, kernel-default-3.0.101-108.35.1, kernel-ec2-3.0.101-108.35.1, kernel-pae-3.0.101-108.35.1, kernel-ppc64-3.0.101-108.35.1, kernel-source-3.0.101-108.35.1, kernel-syms-3.0.101-108.35.1, kernel-trace-3.0.101-108.35.1, kernel-xen-3.0.101-108.35.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.35.1, kernel-pae-3.0.101-108.35.1, kernel-ppc64-3.0.101-108.35.1, kernel-trace-3.0.101-108.35.1, kernel-xen-3.0.101-108.35.1
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    cluster-network-1.4-2.32.4.6, drbd-kmp-8.4.4-0.27.4.6, gfs2-2-0.24.4.6, ocfs2-1.6-0.28.5.6
SUSE Linux Enterprise High Availability Extension 11-SP4 (src):    cluster-network-1.4-2.32.4.6, drbd-8.4.4-0.27.4.2, drbd-kmp-8.4.4-0.27.4.6, gfs2-2-0.24.4.6, ocfs2-1.6-0.28.5.6
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    drbd-8.4.4-0.27.4.2, kernel-bigmem-3.0.101-108.35.1, kernel-default-3.0.101-108.35.1, kernel-ec2-3.0.101-108.35.1, kernel-pae-3.0.101-108.35.1, kernel-ppc64-3.0.101-108.35.1, kernel-trace-3.0.101-108.35.1, kernel-xen-3.0.101-108.35.1
Comment 8 Swamp Workflow Management 2018-03-12 11:10:47 UTC
SUSE-SU-2018:0660-1: An update that solves 8 vulnerabilities and has 14 fixes is now available.

Category: security (important)
Bug References: 1012382,1054305,1060279,1068032,1068984,1070781,1073311,1074488,1074621,1075091,1075410,1075617,1075621,1075908,1075994,1076017,1076154,1076278,1076849,1077406,1077560,1077922
CVE References: CVE-2017-13215,CVE-2017-17741,CVE-2017-18017,CVE-2017-18079,CVE-2017-5715,CVE-2018-1000004,CVE-2018-5332,CVE-2018-5333
Sources used:
SUSE Linux Enterprise Server 11-SP3-LTSS (src):    kernel-bigsmp-3.0.101-0.47.106.19.1, kernel-default-3.0.101-0.47.106.19.1, kernel-ec2-3.0.101-0.47.106.19.1, kernel-pae-3.0.101-0.47.106.19.1, kernel-source-3.0.101-0.47.106.19.1, kernel-syms-3.0.101-0.47.106.19.1, kernel-trace-3.0.101-0.47.106.19.1, kernel-xen-3.0.101-0.47.106.19.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.106.19.1, kernel-default-3.0.101-0.47.106.19.1, kernel-pae-3.0.101-0.47.106.19.1, kernel-ppc64-3.0.101-0.47.106.19.1, kernel-trace-3.0.101-0.47.106.19.1, kernel-xen-3.0.101-0.47.106.19.1
SUSE Linux Enterprise Point of Sale 11-SP3 (src):    kernel-default-3.0.101-0.47.106.19.1, kernel-ec2-3.0.101-0.47.106.19.1, kernel-pae-3.0.101-0.47.106.19.1, kernel-source-3.0.101-0.47.106.19.1, kernel-syms-3.0.101-0.47.106.19.1, kernel-trace-3.0.101-0.47.106.19.1, kernel-xen-3.0.101-0.47.106.19.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.106.19.1, kernel-default-3.0.101-0.47.106.19.1, kernel-ec2-3.0.101-0.47.106.19.1, kernel-pae-3.0.101-0.47.106.19.1, kernel-trace-3.0.101-0.47.106.19.1, kernel-xen-3.0.101-0.47.106.19.1
Comment 9 Swamp Workflow Management 2018-03-29 13:12:59 UTC
SUSE-SU-2018:0841-1: An update that solves 9 vulnerabilities and has 41 fixes is now available.

Category: security (important)
Bug References: 1012382,1045538,1048585,1049128,1050431,1054305,1059174,1060279,1060682,1063544,1064861,1068032,1068984,1069508,1070623,1070781,1073311,1074488,1074621,1074880,1075088,1075091,1075410,1075617,1075621,1075908,1075994,1076017,1076154,1076278,1076437,1076849,1077191,1077355,1077406,1077487,1077560,1077922,1078875,1079917,1080133,1080359,1080363,1080372,1080579,1080685,1080774,1081500,936530,962257
CVE References: CVE-2015-1142857,CVE-2017-13215,CVE-2017-17741,CVE-2017-18017,CVE-2017-18079,CVE-2017-5715,CVE-2018-1000004,CVE-2018-5332,CVE-2018-5333
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.21.1, kernel-rt_trace-3.0.101.rt130-69.21.1, kernel-source-rt-3.0.101.rt130-69.21.1, kernel-syms-rt-3.0.101.rt130-69.21.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-rt-3.0.101.rt130-69.21.1, kernel-rt_debug-3.0.101.rt130-69.21.1, kernel-rt_trace-3.0.101.rt130-69.21.1
Comment 10 Marcus Meissner 2018-08-29 08:54:10 UTC
done