Bugzilla – Bug 1088261
VUL-0: CVE-2017-11089: kernel: Out-of-bounds read in nl80211_set_station allows privileged local attacker to cause system crash or possibly code execution
Last modified: 2020-06-15 21:36:54 UTC
rh#1564038 In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overread is observed in nl80211_set_station when user space application sends attribute NL80211_ATTR_LOCAL_MESH_POWER_MODE with data of size less than 4 bytes Upstream fix: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8feb69c7bd89513be80eb19198d48f154b254021 Introduced by: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3b1c5a5307fb5277f395efdcf330c064d79df07d References: https://bugzilla.redhat.com/show_bug.cgi?id=1564038 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11089 http://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-11089.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11089
The problem was intorudced in 3.9, so affecting only cve/linux-3.12 and later branches. The fix was in 4.13, so TW is OK. 4.4.78 stable contains the fix, so SLE12-SP2/SP3 is already covered. 4.12.3 stable contains the fix, so SLE15 is already covered. The only missing one is cve/linux-3.12.
Now backported to cve/linux-3.12 branch. Reassigned back to security team.
SUSE-SU-2018:1220-1: An update that solves 11 vulnerabilities and has 7 fixes is now available. Category: security (important) Bug References: 1076537,1082299,1083125,1083242,1083275,1084536,1085279,1085331,1086162,1086194,1087088,1087260,1088147,1088260,1088261,1089608,1089752,1090643 CVE References: CVE-2017-0861,CVE-2017-11089,CVE-2017-13220,CVE-2017-18203,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7757,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897 Sources used: SUSE OpenStack Cloud 6 (src): kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1 SUSE Linux Enterprise Server for SAP 12-SP1 (src): kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1 SUSE Linux Enterprise Server 12-SP1-LTSS (src): kernel-default-3.12.74-60.64.88.1, kernel-source-3.12.74-60.64.88.1, kernel-syms-3.12.74-60.64.88.1, kernel-xen-3.12.74-60.64.88.1, kgraft-patch-SLE12-SP1_Update_27-1-2.3.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.74-60.64.88.1
SUSE-SU-2018:1221-1: An update that solves 11 vulnerabilities and has 5 fixes is now available. Category: security (important) Bug References: 1076537,1082299,1083125,1083242,1084536,1085331,1086162,1087088,1087209,1087260,1088147,1088260,1088261,1089608,1089752,1090643 CVE References: CVE-2017-0861,CVE-2017-11089,CVE-2017-13220,CVE-2017-18203,CVE-2018-10087,CVE-2018-10124,CVE-2018-1087,CVE-2018-7757,CVE-2018-8781,CVE-2018-8822,CVE-2018-8897 Sources used: SUSE Linux Enterprise Server 12-LTSS (src): kernel-default-3.12.61-52.128.1, kernel-source-3.12.61-52.128.1, kernel-syms-3.12.61-52.128.1, kernel-xen-3.12.61-52.128.1, kgraft-patch-SLE12_Update_34-1-1.3.1 SUSE Linux Enterprise Module for Public Cloud 12 (src): kernel-ec2-3.12.61-52.128.1
done