Bug 871148 - (CVE-2014-2672) VUL-1: CVE-2014-2672: kernel: compat-wireless: ath9k: potential crash problem
VUL-1: CVE-2014-2672: kernel: compat-wireless: ath9k: potential crash problem
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P4 - Low : Normal
: ---
Assigned To: Takashi Iwai
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2014-03-31 11:42 UTC by Marcus Meissner
Modified: 2014-06-24 06:49 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2014-03-31 11:42:13 UTC
via oss-sec/mitre

> http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=21f8aaee0c62708654988ce092838aa7df4d25d8

> The vulnerability is caused due to a race condition error in the 
> "ath_tx_aggr_sleep()" function (drivers/net/wireless/ath/ath9k/xmit.c), which 
> can be exploited to cause a crash.
> https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.12.15
> https://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.13.7
> https://bugzilla.kernel.org/show_bug.cgi?id=70551

Use CVE-2014-2672.
Comment 1 SMASH SMASH 2014-03-31 12:20:11 UTC
Affected packages:

SLE-11-SP3: kernel-source
Comment 2 Takashi Iwai 2014-03-31 12:51:33 UTC
compat-wireless-kmp for SLE11-SP3 hits, too.
Comment 3 Takashi Iwai 2014-03-31 13:12:17 UTC
The relevant code isn't seen in SLE11-SP3 kernel, so we can skip whole SLE11.
SLE10 and earlier don't have this driver.  Only compat-wireless-kmp needs the fix.

But we need the fix for openSUSE 12.3 and openSUSE 13.1 kernels.
Comment 4 Takashi Iwai 2014-03-31 13:47:16 UTC
The fix for SLE11-SP3 compat-wireless is submitted via SRID 35259.  This includes the updrade of backports-3.13.

The fixes for openSUSE 12.3 and 13.1 have been committed to the corresponding git branches now.
Comment 6 Swamp Workflow Management 2014-03-31 22:00:26 UTC
bugbot adjusting priority
Comment 7 Takashi Iwai 2014-04-01 07:00:57 UTC
All fixes have been committed / submitted.  Reassigned back to security team.
Comment 8 Swamp Workflow Management 2014-05-08 12:44:28 UTC
The SWAMPID for this issue is 57261.
This issue was rated as moderate.
Please submit fixed packages until 2014-05-22.
Also create a patchinfo file using this link:
Comment 9 Swamp Workflow Management 2014-05-19 12:09:19 UTC
openSUSE-SU-2014:0677-1: An update that solves 16 vulnerabilities and has 10 fixes is now available.

Category: security (important)
Bug References: 733022,811746,833968,837111,851426,852652,852967,858233,858638,858869,858870,858872,860835,862145,863335,864025,866102,868653,869414,869898,871148,871252,871325,873717,875690,875798
CVE References: CVE-2013-4254,CVE-2013-4579,CVE-2013-6885,CVE-2014-0101,CVE-2014-0196,CVE-2014-0691,CVE-2014-1438,CVE-2014-1444,CVE-2014-1445,CVE-2014-1446,CVE-2014-1690,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2523,CVE-2014-2672
Sources used:
openSUSE 12.3 (src):    kernel-docs-3.7.10-1.32.2, kernel-source-3.7.10-1.32.1, kernel-syms-3.7.10-1.32.1
Comment 10 Swamp Workflow Management 2014-05-19 12:19:07 UTC
openSUSE-SU-2014:0678-1: An update that solves 17 vulnerabilities and has 23 fixes is now available.

Category: security (important)
Bug References: 639379,812592,81660,821619,833968,842553,849334,851244,851426,852656,852967,853350,856760,857643,858638,858872,859342,860502,860835,861750,862746,863235,863335,864025,864867,865075,866075,866102,867718,868653,869414,871148,871160,871252,871325,875440,875690,875798,876531,876699
CVE References: CVE-2013-4579,CVE-2013-6885,CVE-2013-7263,CVE-2013-7264,CVE-2013-7265,CVE-2013-7281,CVE-2014-0069,CVE-2014-0101,CVE-2014-0196,CVE-2014-1438,CVE-2014-1446,CVE-2014-1690,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2523,CVE-2014-2672
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.7.1, crash-7.0.2-2.7.1, hdjmod-1.28-16.7.1, ipset-6.19-2.7.1, iscsitarget-, kernel-docs-3.11.10-11.3, kernel-source-3.11.10-11.1, kernel-syms-3.11.10-11.1, ndiswrapper-1.58-7.1, openvswitch-1.11.0-0.25.1, pcfclock-0.44-258.7.1, virtualbox-4.2.18-2.12.1, xen-4.3.2_01-15.1, xtables-addons-2.3-2.7.1
Comment 11 Marcus Meissner 2014-06-23 09:15:28 UTC
SLE12 fix is probably also needed?
Comment 12 Takashi Iwai 2014-06-23 10:26:52 UTC
The fix for SLE12 is included in 3.12.15 stable tree.
Comment 13 Marcus Meissner 2014-06-23 12:25:16 UTC
ok, then we got all covered.
Comment 14 Swamp Workflow Management 2014-06-23 14:47:39 UTC
Update released for: compat-wireless, compat-wireless-debuginfo, compat-wireless-debugsource, compat-wireless-kmp-default, compat-wireless-kmp-pae, compat-wireless-kmp-trace, compat-wireless-kmp-xen
SLE-DEBUGINFO 11-SP3 (i386, x86_64)
SLE-DESKTOP 11-SP3 (i386, x86_64)
SLE-POS 11-SP3 (i386, x86_64)
Comment 15 Swamp Workflow Management 2014-06-23 18:10:29 UTC
SUSE-SU-2014:0833-1: An update that solves two vulnerabilities and has three fixes is now available.

Category: security (moderate)
Bug References: 851021,851426,865475,871148,883209
CVE References: CVE-2013-4579,CVE-2014-2672
Sources used:
SUSE Linux Enterprise Point of Service 11 SP3 (src):    compat-wireless-3.13-0.9.1
SUSE Linux Enterprise Desktop 11 SP3 (src):    compat-wireless-3.13-0.9.1