Bug 1123706 (CVE-2017-18360) - VUL-0: CVE-2017-18360: kernel: user space can oops the kernel by going to extreme baud rates
Status: RESOLVED FIXED
Alias: CVE-2017-18360
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/224015/
Whiteboard: CVSSv3:SUSE:CVE-2017-18360:5.5:(AV:L/...
Reported: 2019-01-30 15:34 UTC by Oliver Neukum
Modified: 2022-02-13 11:42 UTC
Description Oliver Neukum 2019-01-30 15:34:14 UTC
Upstream has this fix and this looks exploitable without root privileges, hence worth a CVE

commit 6aeb75e6adfaed16e58780309613a578fe1ee90b
Author: Johan Hovold <johan@kernel.org>
Date:   Thu May 11 11:41:21 2017 +0200

    USB: serial: io_ti: fix div-by-zero in set_termios
    
    Fix a division-by-zero in set_termios when debugging is enabled and a
    high-enough speed has been requested so that the divisor value becomes
    zero.
    
    Instead of just fixing the offending debug statement, cap the baud rate
    at the base as a zero divisor value also appears to crash the firmware.
    
    Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
    Cc: stable <stable@vger.kernel.org>     # 2.6.12
    Reviewed-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
    Signed-off-by: Johan Hovold <johan@kernel.org>
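
Added example (not part of the bug report and not the driver's code): a user-space model of the failure the commit message describes, where integer division turns a too-high requested speed into a zero divisor, next to the capped form. BASE_BAUD, the 9600 default and all function names are assumptions made for illustration; the driver's real constants are not shown on this page.

```c
#include <stdio.h>

/* Assumption: stand-in for the adapter's base rate (not taken from the page). */
#define BASE_BAUD 460800u

/* Integer divisor for a requested speed; truncates to 0 once baud > BASE_BAUD. */
static unsigned int divisor_for(unsigned int baud)
{
    return BASE_BAUD / baud;
}

/* Pre-fix shape: the requested speed is used as-is. */
static unsigned int set_speed_unchecked(unsigned int baud)
{
    if (baud == 0)
        baud = 9600;            /* assumed default for a zero request */
    return divisor_for(baud);
}

/* Models a debug statement that recomputes the rate from the divisor.
 * Returns -1 where the real division would trap on a zero divisor. */
static long debug_effective_rate(unsigned int divisor)
{
    if (divisor == 0)
        return -1;
    return (long)(BASE_BAUD / divisor);
}

/* Post-fix shape: cap the speed at the base so the divisor is at least 1.
 * The capped value is written back so the caller sees the rate really set. */
static unsigned int set_speed_capped(unsigned int *baud)
{
    if (*baud == 0)
        *baud = 9600;
    if (*baud > BASE_BAUD)
        *baud = BASE_BAUD;
    return divisor_for(*baud);
}

int main(void)
{
    unsigned int req = 4000000u;    /* constructed sample request */
    unsigned int d = set_speed_unchecked(req);
    printf("unchecked: divisor=%u debug=%ld\n", d, debug_effective_rate(d));
    d = set_speed_capped(&req);
    printf("capped:    baud=%u divisor=%u debug=%ld\n", req, d, debug_effective_rate(d));
    return 0;
}
```

The cap protects both consumers of the divisor: the debug path on the host and, per the commit message, the device firmware.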
Comment 1 Marcus Meissner 2019-01-31 07:51:17 UTC
cve requested
Comment 2 Marcus Meissner 2019-01-31 07:52:47 UTC
patches.kernel.org/patch-4.4.69-70, so SLES 12 SP2 and newer should be fixed already
Comment 3 Marcus Meissner 2019-01-31 09:25:30 UTC
CVE-2017-18360
Comment 4 Oliver Neukum 2019-02-06 15:12:36 UTC
Fix submitted to SLE11-SP4 tree
Comment 5 Swamp Workflow Management 2019-03-19 10:22:41 UTC
SUSE-SU-2019:13979-1: An update that solves 8 vulnerabilities and has 73 fixes is now available.

Category: security (important)
Bug References: 1012382,1031572,1068032,1086695,1087081,1094244,1098658,1104098,1104367,1104684,1104818,1105536,1106105,1106886,1107371,1109330,1109806,1110006,1112963,1113667,1114440,1114672,1114920,1115007,1115038,1115827,1115828,1115829,1115830,1115831,1115832,1115833,1115834,1115835,1115836,1115837,1115838,1115839,1115840,1115841,1115842,1115843,1115844,1116841,1117796,1117802,1117805,1117806,1117943,1118152,1118319,1118760,1119255,1119714,1120056,1120077,1120086,1120093,1120094,1120105,1120107,1120109,1120217,1120223,1120226,1120336,1120347,1120743,1120950,1121872,1121997,1122874,1123505,1123702,1123706,1124010,1124735,1125931,931850,969471,969473
CVE References: CVE-2016-10741,CVE-2017-18360,CVE-2018-19407,CVE-2018-19824,CVE-2018-19985,CVE-2018-20169,CVE-2018-9568,CVE-2019-7222
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-108.87.1
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-bigmem-3.0.101-108.87.1, kernel-default-3.0.101-108.87.1, kernel-ec2-3.0.101-108.87.1, kernel-pae-3.0.101-108.87.1, kernel-ppc64-3.0.101-108.87.1, kernel-source-3.0.101-108.87.1, kernel-syms-3.0.101-108.87.1, kernel-trace-3.0.101-108.87.1, kernel-xen-3.0.101-108.87.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-108.87.1, kernel-pae-3.0.101-108.87.1, kernel-ppc64-3.0.101-108.87.1, kernel-trace-3.0.101-108.87.1, kernel-xen-3.0.101-108.87.1
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    ocfs2-1.6-0.28.7.1
SUSE Linux Enterprise High Availability Extension 11-SP4 (src):    ocfs2-1.6-0.28.7.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-bigmem-3.0.101-108.87.1, kernel-default-3.0.101-108.87.1, kernel-ec2-3.0.101-108.87.1, kernel-pae-3.0.101-108.87.1, kernel-ppc64-3.0.101-108.87.1, kernel-trace-3.0.101-108.87.1, kernel-xen-3.0.101-108.87.1