Bugzilla – Bug 1167401
VUL-1: CVE-2020-10810: hdf5: A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c (in HDF5 through 1.12.0).
Last modified: 2022-09-06 11:27:29 UTC
CVE-2020-10810

An issue was discovered in HDF5 through 1.12.0. A NULL pointer dereference exists in the function H5AC_unpin_entry() located in H5AC.c. It allows an attacker to cause Denial of Service.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10810
https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10810
https://research.loginsoft.com/bugs/null-pointer-dereference-in-h5ac-c-hdf5-1-13-0/
https://bitbucket.hdfgroup.org/projects/HDFFV/repos/hdf5/browse/release_docs/RELEASE.txt
To reproduce, see:
https://github.com/Loginsoft-Research/hdf5-reports/tree/master/Vuln_3

At least SLE15-SP1 and SLE12-SP2 are affected; probably other versions, too.
The PoC from Loginsoft Research produces crashes, at least on SLE12-SP2 and Leap15.1 (should also be the case on SLE15 and SLE15-SP1). However, the code in H5AC_unpin_entry() is different in our versions, and the PoC seems to trigger a different bug (not the null pointer dereference that has been reported in this CVE).

Leap15.1/SLE15: double free in H5FL.c: H5FL__reg_gc_list()
This is an autogenerated message for OBS integration:
This bug (1167401) was mentioned in
https://build.opensuse.org/request/show/974903 Factory / hdf5
This issue has been fixed in version 1.10.8.
SUSE-SU-2022:1903-1: An update that solves 27 vulnerabilities, contains four features and has 5 fixes is now available.

Category: security (important)
Bug References: 1072087,1072090,1072108,1072111,1093641,1093649,1093653,1093655,1093657,1101471,1101474,1101493,1101495,1102175,1109166,1109167,1109168,1109564,1109565,1109566,1109567,1109568,1109569,1109570,1134298,1167401,1167404,1167405,1169793,1174439,1179521,1196682
CVE References: CVE-2017-17505,CVE-2017-17506,CVE-2017-17508,CVE-2017-17509,CVE-2018-11202,CVE-2018-11203,CVE-2018-11204,CVE-2018-11206,CVE-2018-11207,CVE-2018-13869,CVE-2018-13870,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17233,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17435,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811
JIRA References: SLE-7766,SLE-7773,SLE-8501,SLE-8604
Sources used:
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src): hdf5_1_10_8-gnu-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150100.7.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150100.7.4.3

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1910-1: An update that solves 27 vulnerabilities and has three fixes is now available.

Category: security (important)
Bug References: 1072087,1072090,1072108,1072111,1093641,1093649,1093653,1093655,1093657,1101471,1101474,1101493,1101495,1102175,1109166,1109167,1109168,1109564,1109565,1109566,1109567,1109568,1109569,1109570,1167401,1167404,1167405,1174439,1179521,1196682
CVE References: CVE-2017-17505,CVE-2017-17506,CVE-2017-17508,CVE-2017-17509,CVE-2018-11202,CVE-2018-11203,CVE-2018-11204,CVE-2018-11206,CVE-2018-11207,CVE-2018-13869,CVE-2018-13870,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17233,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17435,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811
JIRA References:
Sources used:
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src): hdf5_1_10_8-gnu-hpc-1.10.8-150200.8.4.2, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src): hdf5_1_10_8-gnu-hpc-1.10.8-150200.8.4.2, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150200.8.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150200.8.4.2, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150200.8.4.2, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150200.8.4.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1912-1: An update that solves 15 vulnerabilities and has two fixes is now available.

Category: security (important)
Bug References: 1093657,1101471,1101474,1102175,1109167,1109168,1109564,1109565,1109566,1109568,1109569,1109570,1167401,1167404,1167405,1179521,1196682
CVE References: CVE-2018-11206,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811
JIRA References:
Sources used:
openSUSE Leap 15.4 (src): hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2
openSUSE Leap 15.3 (src): hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2
SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP3 (src): hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2
SUSE Linux Enterprise Module for HPC 15-SP3 (src): hdf5_1_10_8-gnu-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150300.4.3.1, hdf5_1_10_8-gnu-openmpi3-hpc-1.10.8-150300.4.3.2, hdf5_1_10_8-gnu-openmpi4-hpc-1.10.8-150300.4.3.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1911-1: An update that solves 27 vulnerabilities, contains four features and has 8 fixes is now available.

Category: security (important)
Bug References: 1072087,1072090,1072108,1072111,1093641,1093649,1093653,1093655,1093657,1101471,1101474,1101493,1101495,1102175,1109166,1109167,1109168,1109564,1109565,1109566,1109567,1109568,1109569,1109570,1116458,1124509,1133222,1134298,1167401,1167404,1167405,1169793,1174439,1179521,1196682
CVE References: CVE-2017-17505,CVE-2017-17506,CVE-2017-17508,CVE-2017-17509,CVE-2018-11202,CVE-2018-11203,CVE-2018-11204,CVE-2018-11206,CVE-2018-11207,CVE-2018-13869,CVE-2018-13870,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17233,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17435,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811
JIRA References: SLE-7766,SLE-7773,SLE-8501,SLE-8604
Sources used:
SUSE Linux Enterprise High Performance Computing 15-LTSS (src): hdf5_1_10_8-gnu-hpc-1.10.8-150000.8.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.4.3, suse-hpc-0.5.20220206.0c6b168-150000.11.3.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): hdf5_1_10_8-gnu-hpc-1.10.8-150000.8.4.3, hdf5_1_10_8-gnu-mpich-hpc-1.10.8-150000.8.4.3, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-150000.8.4.3, hdf5_1_10_8-gnu-openmpi2-hpc-1.10.8-150000.8.4.3, suse-hpc-0.5.20220206.0c6b168-150000.11.3.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2022:1933-1: An update that solves 27 vulnerabilities, contains four features and has 17 fixes is now available.

Category: security (important)
Bug References: 1058563,1072087,1072090,1072108,1072111,1080022,1080259,1080426,1080442,1082209,1084951,1088547,1091237,1093641,1093649,1093653,1093655,1093657,1101471,1101474,1101493,1101495,1102175,1109166,1109167,1109168,1109564,1109565,1109566,1109567,1109568,1109569,1109570,1116458,1124509,1133222,1134298,1167401,1167404,1167405,1169793,1174439,1179521,1196682
CVE References: CVE-2017-17505,CVE-2017-17506,CVE-2017-17508,CVE-2017-17509,CVE-2018-11202,CVE-2018-11203,CVE-2018-11204,CVE-2018-11206,CVE-2018-11207,CVE-2018-13869,CVE-2018-13870,CVE-2018-14032,CVE-2018-14033,CVE-2018-14460,CVE-2018-17233,CVE-2018-17234,CVE-2018-17237,CVE-2018-17432,CVE-2018-17433,CVE-2018-17434,CVE-2018-17435,CVE-2018-17436,CVE-2018-17437,CVE-2018-17438,CVE-2020-10809,CVE-2020-10810,CVE-2020-10811
JIRA References: SLE-7766,SLE-7773,SLE-8501,SLE-8604
Sources used:
SUSE Linux Enterprise Module for HPC 12 (src): hdf5_1_10_8-gnu-hpc-1.10.8-3.12.2, hdf5_1_10_8-gnu-mvapich2-hpc-1.10.8-3.12.2, hdf5_1_10_8-gnu-openmpi1-hpc-1.10.8-3.12.2, suse-hpc-0.5.20220206.0c6b168-5.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
The NULL pointer access is a read access:

Program received signal SIGSEGV, Segmentation fault.
H5AC_unpin_entry (thing=<optimized out>) at H5AC.c:1459
1459 if(cache_ptr->log_info->logging)
(gdb) x/i $pc
=> 0x7ffff785f946 <H5AC_unpin_entry+106>: mov 0x8(%r12),%rax

Regardless, the issue has been fixed in 1.10.7.
Meanwhile we have released 1.10.8.