Bug 1136593 - (CVE-2019-12381) VUL-1: CVE-2019-12381: kernel-source: An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow an attacker to cause a denial of service
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low, Severity: Minor
Assigned To: Security Team bot
https://smash.suse.de/issue/233867/
CVSSv3:RedHat:CVE-2019-12381:5.5:(AV:...
Reported: 2019-05-28 13:00 UTC by Marcus Meissner
Modified: 2019-07-01 09:24 UTC (History)

Found By: Security Response Team
Description Marcus Meissner 2019-05-28 13:00:45 UTC
CVE-2019-12381

An issue was discovered in ip_ra_control in net/ipv4/ip_sockglue.c in the Linux
kernel through 5.1.5. There is an unchecked kmalloc of new_ra, which might allow
an attacker to cause a denial of service (NULL pointer dereference and system
crash).

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-12381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12381
https://lkml.org/lkml/2019/5/25/230
https://git.kernel.org/pub/scm/linux/kernel/git/davem/net.git/commit/?id=425aa0e1d01513437668fa3d4a971168bbaa8515
Comment 1 Takashi Iwai 2019-05-28 13:15:46 UTC
Yet another one.
Comment 2 Michal Kubeček 2019-06-10 11:24:22 UTC
Ben Hutchings is questioning the CVE status (or rather the existence of a bug):

> https://lore.kernel.org/stable/69e47f52ec342b6c70c1cae6cd0140a51a713752.camel@decadent.org.uk/

Looking at the code, I have to agree. Commit 425aa0e1d015 ("ip_sockglue: Fix
missing-check bug in ip_ra_control()") makes the check more obvious and lets
ip_ra_control() return more appropriate error but even without this commit,
there is no way failed allocation would cause an actual problem.
Comment 3 Marcus Meissner 2019-06-11 05:25:24 UTC
I had mailed Dave Miller first with this evaluation, but he does not accept private bug reports.

I then had also mailed netdev with this evaluation, but no reply.
Comment 4 Jiri Slaby 2019-07-01 09:19:44 UTC
The CVE is disputed since 6/20/2019 7:15:09.
Comment 5 Marcus Meissner 2019-07-01 09:24:34 UTC
Yes, we found this to be a non-issue.