First Last Prev Next    This bug is not in your last search results.
Bug 1198437 - (CVE-2021-0707) VUL-1: CVE-2021-0707: kernel-source: possible memory corruption due to a use after free in dma_buf_release of dma-buf.c
(CVE-2021-0707)
VUL-1: CVE-2021-0707: kernel-source: possible memory corruption due to a use ...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/328864/
CVSSv3.1:SUSE:CVE-2021-0707:7.8:(AV:L...
:
Depends on:
Blocks: 1199332
  Show dependency treegraph
 
Reported: 2022-04-13 08:20 UTC by Gabriele Sonnu
Modified: 2022-06-13 11:18 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Gabriele Sonnu 2022-04-13 08:20:43 UTC 
In dma_buf_release of dma-buf.c, there is a possible memory corruption due to a
use after free. This could lead to local escalation of privilege with no
additional execution privileges needed. User interaction is not needed for
exploitation.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-0707
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0707
https://source.android.com/security/bulletin/2022-04-01
Comment 1 Gabriele Sonnu 2022-04-13 08:26:29 UTC 
It seems the vulnerability was introduced by 4ab59c3c638c6c8952bf07739805d20eb6358a4d ([0]), included in the following branches, which also contain the fix (05cd84691eafcd7959a1e120d5e72c0dd98c5d91 [1]):

- SLE15-SP3
- SLE15-SP4
- SLE15-SP4-GA
- stable

Therefore I'd say none of our products is affected, but please confirm.

[0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4ab59c3c638c6c8952bf07739805d20eb6358a4d
[0] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=05cd84691eafcd7959a1e120d5e72c0dd98c5d91
Comment 2 Takashi Iwai 2022-04-13 09:01:34 UTC 
Yes, SLE15-SP3 already got the fix via git-fixes, and SP4 and stable are based on the newer kernels that already include the fix.

I'm going to update the patch reference on SLE15-SP3 branch.

Reassigned back to security team.
Comment 3 Gabriele Sonnu 2022-04-13 09:14:28 UTC 
Thanks, closing.
Comment 11 Swamp Workflow Management 2022-05-16 13:24:16 UTC 
SUSE-SU-2022:1669-1: An update that solves 16 vulnerabilities, contains 6 features and has 29 fixes is now available.

Category: security (important)
Bug References: 1028340,1071995,1137728,1152472,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1194625,1195651,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197677,1197914,1197926,1198077,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198534,1198742,1198825,1198989,1199012,1199024
CVE References: CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156
JIRA References: SLE-13208,SLE-13513,SLE-15172,SLE-15175,SLE-18234,SLE-8449
Sources used:
SUSE Linux Enterprise Realtime Extension 15-SP3 (src):    release-notes-sle_rt-15.3.20220422-150300.3.3.2
SUSE Linux Enterprise Module for Realtime 15-SP3 (src):    kernel-rt-5.3.18-150300.88.2, kernel-rt_debug-5.3.18-150300.88.2, kernel-source-rt-5.3.18-150300.88.2, kernel-syms-rt-5.3.18-150300.88.1, release-notes-sle_rt-15.3.20220422-150300.3.3.2
SUSE Linux Enterprise Micro 5.2 (src):    kernel-rt-5.3.18-150300.88.2
SUSE Linux Enterprise Micro 5.1 (src):    kernel-rt-5.3.18-150300.88.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2022-05-16 13:37:59 UTC 
SUSE-SU-2022:1676-1: An update that solves 16 vulnerabilities, contains 6 features and has 25 fixes is now available.

Category: security (important)
Bug References: 1028340,1065729,1071995,1121726,1137728,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197914,1197926,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198660,1198742,1198825,1199012,1199024
CVE References: CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156
JIRA References: SLE-13208,SLE-13513,SLE-15172,SLE-15175,SLE-15176,SLE-8449
Sources used:
openSUSE Leap 15.3 (src):    kernel-azure-5.3.18-150300.38.56.1, kernel-source-azure-5.3.18-150300.38.56.1, kernel-syms-azure-5.3.18-150300.38.56.1
SUSE Linux Enterprise Module for Public Cloud 15-SP3 (src):    kernel-azure-5.3.18-150300.38.56.1, kernel-source-azure-5.3.18-150300.38.56.1, kernel-syms-azure-5.3.18-150300.38.56.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 13 Swamp Workflow Management 2022-05-16 16:24:34 UTC 
SUSE-SU-2022:1687-1: An update that solves 16 vulnerabilities, contains 6 features and has 29 fixes is now available.

Category: security (important)
Bug References: 1028340,1071995,1137728,1152472,1152489,1177028,1179878,1182073,1183723,1187055,1191647,1193556,1193842,1194625,1195651,1195926,1196018,1196114,1196367,1196514,1196639,1196942,1197157,1197391,1197656,1197660,1197677,1197914,1197926,1198077,1198217,1198330,1198400,1198413,1198437,1198448,1198484,1198515,1198516,1198534,1198742,1198825,1198989,1199012,1199024
CVE References: CVE-2020-27835,CVE-2021-0707,CVE-2021-20292,CVE-2021-20321,CVE-2021-38208,CVE-2021-4154,CVE-2022-0812,CVE-2022-1158,CVE-2022-1280,CVE-2022-1353,CVE-2022-1419,CVE-2022-1516,CVE-2022-28356,CVE-2022-28748,CVE-2022-28893,CVE-2022-29156
JIRA References: SLE-13208,SLE-13513,SLE-15172,SLE-15175,SLE-18234,SLE-8449
Sources used:
openSUSE Leap 15.4 (src):    dtb-aarch64-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1
openSUSE Leap 15.3 (src):    dtb-aarch64-5.3.18-150300.59.68.1, kernel-64kb-5.3.18-150300.59.68.1, kernel-debug-5.3.18-150300.59.68.1, kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3, kernel-docs-5.3.18-150300.59.68.1, kernel-kvmsmall-5.3.18-150300.59.68.1, kernel-obs-build-5.3.18-150300.59.68.1, kernel-obs-qa-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1, kernel-source-5.3.18-150300.59.68.1, kernel-syms-5.3.18-150300.59.68.1, kernel-zfcpdump-5.3.18-150300.59.68.1
SUSE Linux Enterprise Workstation Extension 15-SP3 (src):    kernel-default-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1
SUSE Linux Enterprise Module for Live Patching 15-SP3 (src):    kernel-default-5.3.18-150300.59.68.1, kernel-livepatch-SLE15-SP3_Update_18-1-150300.7.5.1
SUSE Linux Enterprise Module for Legacy Software 15-SP3 (src):    kernel-default-5.3.18-150300.59.68.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    kernel-docs-5.3.18-150300.59.68.1, kernel-obs-build-5.3.18-150300.59.68.1, kernel-preempt-5.3.18-150300.59.68.1, kernel-source-5.3.18-150300.59.68.1, kernel-syms-5.3.18-150300.59.68.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    kernel-64kb-5.3.18-150300.59.68.1, kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3, kernel-preempt-5.3.18-150300.59.68.1, kernel-source-5.3.18-150300.59.68.1, kernel-zfcpdump-5.3.18-150300.59.68.1
SUSE Linux Enterprise Micro 5.2 (src):    kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3
SUSE Linux Enterprise Micro 5.1 (src):    kernel-default-5.3.18-150300.59.68.1, kernel-default-base-5.3.18-150300.59.68.1.150300.18.41.3
SUSE Linux Enterprise High Availability 15-SP3 (src):    kernel-default-5.3.18-150300.59.68.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 14 Marcus Meissner 2022-06-13 11:18:33 UTC 
Please note that this CVE was fixed in SLES 15 SP3 GA already due to importing of regular bugfixes.

This CVE was assigned 1.5 years later in April 2022, and referenced due to only the CVE meta reference addition in a recent update.

The issue was already fixed in GA.

No livepatch will be provided, as it is not necessary.
First Last Prev Next    This bug is not in your last search results.