Bug 869564 - (CVE-2014-2568) VUL-1: CVE-2014-2568: kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P4 - Low; Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/97169/
Reported: 2014-03-21 06:38 UTC by Marcus Meissner
Modified: 2016-03-21 12:26 UTC (History)
Found By: Security Response Team
Description Marcus Meissner 2014-03-21 06:38:54 UTC
via oss-sec

From: Petr Matousek <pmatouse@redhat.com>
Subject: [oss-security] CVE request -- kernel: net: potential information leak when ubuf backed skbs are skb_zerocopy()ied
Date: Thu, 20 Mar 2014 19:20:32 +0100

An information flaw was found in the way skb_zerocopy() copied skbs that
are backed by userspace buffers (for example vhost-net and recent xen
netback). Once the source skb is consumed, ubuf destructor is called and
potentially releases the corresponding userspace buffers, which can then
for example be repurposed, while the destination skb is still pointing
to them.

This issue is similar to CVE-2014-0131.

Upstream patch:
https://lkml.org/lkml/2014/3/20/421
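
The lifetime problem described in the report above, as a simplified userspace model added here (not kernel code, and not part of the original report or the linked patch). The names `ubuf`, `skb`, `zerocopy` and `orphan_first` belong to this model, the payload strings are constructed, and the copy-before-share branch is an illustrative mitigation rather than a transcription of the upstream patch.

```c
/* Simplified userspace model of the lifetime bug; not kernel code. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define PKT_LEN 16

/* A user buffer lent for zero-copy, and a one-fragment skb that may point into it. */
struct ubuf { char mem[PKT_LEN]; int released; };
struct skb { char *frag; struct ubuf *ubuf; int owns_frag; };

/* Consuming an skb runs the ubuf destructor, handing the buffer back. */
static void skb_consume(struct skb *s)
{
    if (s->ubuf) s->ubuf->released = 1;
    if (s->owns_frag) free(s->frag);
    s->frag = NULL; s->ubuf = NULL; s->owns_frag = 0;
}

/* Share the source fragment with the destination instead of copying it. */
static int zerocopy(struct skb *to, struct skb *from, int orphan_first)
{
    if (orphan_first && from->ubuf) {   /* mitigation: private copy first */
        char *copy = malloc(PKT_LEN);
        if (!copy) return -1;
        memcpy(copy, from->frag, PKT_LEN);
        from->ubuf->released = 1;       /* owner may have its buffer back */
        from->frag = copy; from->ubuf = NULL; from->owns_frag = 1;
    }
    to->frag = from->frag;
    to->owns_frag = from->owns_frag;    /* model moves ownership; kernel refcounts pages */
    from->owns_frag = 0;
    return 0;
}

/* 1 if the destination exposes data written after the ubuf was released. */
int dst_leaks_after_release(int orphan_first)
{
    struct ubuf u = { "packet payload", 0 };    /* constructed sample data */
    struct skb src = { u.mem, &u, 0 }, dst = { NULL, NULL, 0 };
    int leaked;
    if (zerocopy(&dst, &src, orphan_first) != 0) return -1;
    skb_consume(&src);                          /* destructor releases the ubuf */
    memcpy(u.mem, "unrelated data!", PKT_LEN);  /* owner repurposes its buffer */
    leaked = memcmp(dst.frag, "packet payload", 15) != 0;
    skb_consume(&dst);
    return leaked;
}

int main(void)
{
    printf("shared: %d, copied first: %d\n", dst_leaks_after_release(0), dst_leaks_after_release(1));
    return 0;
}
```
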
Comment 1 Marcus Meissner 2014-03-21 14:07:55 UTC
skb_zerocopy does not seem to be in our SLE11 3.0.x kernel, so it seems not to be affected.
Comment 2 Swamp Workflow Management 2014-03-21 23:00:16 UTC
bugbot adjusting priority
Comment 4 Jiri Bohac 2014-07-11 19:09:10 UTC
skb_zerocopy() code has been moved from nfqnl_zcopy()
by commit af2806f8f90a150160be898cd85332459c83c5cb (3.14)

nfqnl_zcopy(), with the bug, has been introduced by commit ae08ce0021087a5d812d2714fb2a326ef9f8c450 (3.10)
Thus, OpenSUSE-13.1 and SLE12 are affected.
I'll take care of them.
Comment 6 Jiri Bohac 2015-09-30 15:32:22 UTC
SLE12 has this since update to 3.12.40; I just updated the References tag in patches.kernel.org/patch-3.12.39-40;

I pushed the fix to openSUSE 13.1.

Nothing else is affected.
Comment 7 Swamp Workflow Management 2016-02-01 15:12:10 UTC
openSUSE-SU-2016:0301-1: An update that solves 57 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 814440,851610,869564,873385,906545,907818,909077,909477,911326,912202,915517,915577,917830,918333,919007,919018,919463,919596,921313,921949,922583,922936,922944,926238,926240,927780,927786,928130,929525,930399,931988,932348,933896,933904,933907,933934,935542,935705,936502,936831,937032,937033,937969,938706,940338,944296,945825,947155,949936,950998,951194,951440,951627,952384,952579,952976,953052,953527,954138,954404,955224,955354,955422,956708,956934,957988,957990,958504,958510,958886,958951,959190,959399,959568,960839,961509,961739,962075
CVE References: CVE-2014-2568,CVE-2014-8133,CVE-2014-8989,CVE-2014-9090,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2014-9715,CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0272,CVE-2015-0777,CVE-2015-1420,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-2925,CVE-2015-3212,CVE-2015-3339,CVE-2015-3636,CVE-2015-4001,CVE-2015-4002,CVE-2015-4003,CVE-2015-4004,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-4700,CVE-2015-5157,CVE-2015-5283,CVE-2015-5307,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6937,CVE-2015-7550,CVE-2015-7799,CVE-2015-7833,CVE-2015-7872,CVE-2015-7885,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2016-0728
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.22.2, crash-7.0.2-2.22.2, hdjmod-1.28-16.22.2, ipset-6.21.1-2.26.2, iscsitarget-1.4.20.3-13.22.2, kernel-debug-3.11.10-32.1, kernel-default-3.11.10-32.1, kernel-desktop-3.11.10-32.1, kernel-docs-3.11.10-32.3, kernel-ec2-3.11.10-32.1, kernel-pae-3.11.10-32.1, kernel-source-3.11.10-32.1, kernel-syms-3.11.10-32.1, kernel-trace-3.11.10-32.1, kernel-vanilla-3.11.10-32.1, kernel-xen-3.11.10-32.1, ndiswrapper-1.58-22.1, pcfclock-0.44-258.22.1, vhba-kmp-20130607-2.23.1, virtualbox-4.2.36-2.55.1, xen-4.3.4_10-56.1, xtables-addons-2.3-2.22.1
Comment 8 Marcus Meissner 2016-03-21 12:26:00 UTC
released