Bug 1088261 - (CVE-2017-11089) VUL-0: CVE-2017-11089: kernel: Out-of-bounds read in nl80211_set_station allows privileged local attacker to cause system crash or possibly code execution
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Importance: P3 - Medium : Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/195164/
CVSSv3:SUSE:CVE-2017-11089:6.4:(AV:L/...
Reported: 2018-04-05 09:09 UTC by Alexander Bergmann
Modified: 2020-06-15 21:36 UTC
Found By: Security Response Team
Description Alexander Bergmann 2018-04-05 09:09:59 UTC
rh#1564038

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases
from CAF using the Linux kernel, a buffer overread is observed in
nl80211_set_station when a user space application sends attribute
NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes.

Upstream fix:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8feb69c7bd89513be80eb19198d48f154b254021

Introduced by:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b1c5a5307fb5277f395efdcf330c064d79df07d

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1564038
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11089
http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11089.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11089
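
The missing length check described above, as an added example (not taken from the bug report or the kernel source): a user-space C model of netlink attribute validation in which a policy entry declaring the attribute as a 32-bit value rejects payloads shorter than 4 bytes before the handler reads them. The `attr_hdr` struct, the `policy_missing`/`policy_fixed` tables, the attribute id and the sample buffers are all constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* User-space model of a netlink attribute header (same layout as struct nlattr). */
struct attr_hdr {
    uint16_t nla_len;   /* header + payload length claimed by the sender */
    uint16_t nla_type;
};
#define HDRLEN ((int)sizeof(struct attr_hdr))

enum attr_kind { KIND_UNSPEC = 0, KIND_U32 };  /* hypothetical mini policy types */
#define ATTR_MESH_POWER_MODE 1                 /* constructed id, not the kernel's value */
#define ATTR_MAX 1
/* KIND_UNSPEC means no length check is applied to that attribute. */
const enum attr_kind policy_missing[ATTR_MAX + 1] = { KIND_UNSPEC, KIND_UNSPEC };
const enum attr_kind policy_fixed[ATTR_MAX + 1]   = { KIND_UNSPEC, KIND_U32 };

/* Constructed samples (little-endian host assumed): 2-byte and 4-byte payloads. */
const uint8_t short_attr[8] = { 6, 0, ATTR_MESH_POWER_MODE, 0, 0xAA, 0xBB, 0, 0 };
const uint8_t full_attr[8]  = { 8, 0, ATTR_MESH_POWER_MODE, 0, 2, 0, 0, 0 };

/* Return 0 if the attribute satisfies the policy, -1 otherwise. */
int validate_attr(const uint8_t *buf, size_t buflen, const enum attr_kind *policy)
{
    struct attr_hdr h;
    if (buflen < sizeof(h))
        return -1;
    memcpy(&h, buf, sizeof(h));
    if (h.nla_len < HDRLEN || h.nla_len > buflen || h.nla_type > ATTR_MAX)
        return -1;
    if (policy[h.nla_type] == KIND_U32 && h.nla_len - HDRLEN < (int)sizeof(uint32_t))
        return -1;  /* payload shorter than the u32 the handler will read */
    return 0;
}

/* Handler model: reads 4 bytes once validation passes; with policy_missing a short payload slips through. */
int get_u32(const uint8_t *buf, size_t buflen, const enum attr_kind *policy, uint32_t *out)
{
    if (validate_attr(buf, buflen, policy) != 0)
        return -1;
    memcpy(out, buf + HDRLEN, sizeof(*out));
    return 0;
}

int main(void)
{
    uint32_t v;
    /* Exit status 0 when the short attribute is rejected under the fixed policy. */
    return get_u32(short_attr, sizeof short_attr, policy_fixed, &v) == -1 ? 0 : 1;
}
```

With `policy_missing`, the 2-byte sample passes validation and the handler reads two bytes beyond the declared payload; with `policy_fixed` the same attribute is rejected up front.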
Comment 1 Takashi Iwai 2018-04-05 10:09:20 UTC
The problem was introduced in 3.9, so affecting only cve/linux-3.12 and later branches.

The fix was in 4.13, so TW is OK.
4.4.78 stable contains the fix, so SLE12-SP2/SP3 is already covered.
4.12.3 stable contains the fix, so SLE15 is already covered.

The only missing one is cve/linux-3.12.
Comment 2 Takashi Iwai 2018-04-05 10:11:51 UTC
Now backported to cve/linux-3.12 branch.

Reassigned back to security team.
Comment 3 Swamp Workflow Management 2018-05-11 19:10:22 UTC
SUSE-SU-2018:1220-1: An update that solves 11 vulnerabilities and has 7 fixes is now available.

Category: security (important)
Bug References: 1076537,1082299,1083125,1083242,1083275,1084536,1085279,1085331,1086162,1086194,1087088,1087260,1088147,1088260,1088261,1089608,1089752,1090643
CVE References: CVE-2017-0861,CVE-2017-11089,CVE-2017-13220,CVE-2017-18203,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7757,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE OpenStack Cloud 6 (src):    kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1
SUSE Linux Enterprise Server for SAP 12-SP1 (src):    kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1
SUSE Linux Enterprise Server 12-SP1-LTSS (src):    kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.74-60.64.88.1
Comment 4 Swamp Workflow Management 2018-05-11 19:12:55 UTC
SUSE-SU-2018:1221-1: An update that solves 11 vulnerabilities and has 5 fixes is now available.

Category: security (important)
Bug References: 1076537,1082299,1083125,1083242,1084536,1085331,1086162,1087088,1087209,1087260,1088147,1088260,1088261,1089608,1089752,1090643
CVE References: CVE-2017-0861,CVE-2017-11089,CVE-2017-13220,CVE-2017-18203,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7757,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897
Sources used:
SUSE Linux Enterprise Server 12-LTSS (src):    kernel-default-3.12.61-52.128.1, kernel-source-3.12.61-52.128.1, kernel-syms-3.12.61-52.128.1, kernel-xen-3.12.61-52.128.1, kgraft-patch-SLE12_Update_34-1-1.3.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.61-52.128.1
Comment 5 Marcus Meissner 2018-11-09 08:03:16 UTC
done