Bug 878289 - (CVE-2012-6647) VUL-0: CVE-2012-6647: kernel: futex: forbid uaddr == uaddr2 in futex_wait_requeue_pi()
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Normal
Assigned To: Michal Hocko
Security Team bot
https://smash.suse.de/issue/98811/
maint:released:sle11-sp1:57694 main...
Reported: 2014-05-16 09:59 UTC by Johannes Segitz
Modified: 2014-06-17 23:16 UTC (History)
Found By: Security Response Team
Description Johannes Segitz 2014-05-16 09:59:18 UTC
Via oss-security (Message-ID: <alpine.LFD.2.10.1405141836180.17630@wniryva.cad.erqung.pbz>)

Linux kernel built with the fast userspace mutexes (CONFIG_FUTEX)
support is vulnerable to a NULL pointer dereference flaw. It could
occur when a waiting task requests wait to be re-queued from non-PI
futex to a PI-aware futex via FUTEX_WAIT_REQUEUE_PI operation.

An unprivileged user/program could use this flaw to crash the system
kernel resulting in DoS.

Upstream fix:
-------------
  -> https://git.kernel.org/linus/6f7b0a2a5c0fb03be7c25bd1745baa50582348ef

Introduced in:
--------------
  -> https://git.kernel.org/linus/52400ba946759af28442dee6265c5c0180ac7122

I did a little research and according to the dates of the commits this issue should be present from 2.6.30 onwards and was fixed in 3.6.0. So SLE11 with all SPs should be affected, unless we backported the patch. Can you please check?

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1097746
Comment 1 SMASH SMASH 2014-05-16 10:10:13 UTC
Affected packages:

SLE-11-SP1-TERADATA: kernel-source
SLE-11-SP1: kernel-source
SLE-11-SP3: kernel-source
SLE-11-SP2: kernel-source
Comment 2 Swamp Workflow Management 2014-05-16 22:00:18 UTC
bugbot adjusting priority
Comment 3 Jeff Mahoney 2014-05-21 18:23:30 UTC
This was fixed in 3.0.40.

Applied to SLE11-SP1-LTSS.
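
Added example, not part of the bug report or of any SUSE tooling: a shell triage of kernel release strings against the version points quoted in this thread (introduced in 2.6.30, fixed upstream in 3.6, fixed in stable 3.0.40). The function names and sample release strings are constructed for illustration; a distribution kernel inside the range may carry a backport, so the result there is only a prompt to check the package changelog.

```shell
# ver_ge A B: succeeds when version A >= version B (GNU sort -V ordering).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# classify_kernel RELEASE prints one of:
#   predates-bug      older than 2.6.30, before the introducing commit
#   fixed-upstream    3.6 or later
#   fixed-stable-3.0  3.0.y at or above 3.0.40
#   check-backport    inside the range; the distro changelog decides
classify_kernel() {
    _base="${1%%-*}"    # drop the distro suffix, e.g. "-0.13.1"
    if ! ver_ge "$_base" "2.6.30"; then
        echo predates-bug
    elif ver_ge "$_base" "3.6"; then
        echo fixed-upstream
    elif ver_ge "$_base" "3.0.40" && ! ver_ge "$_base" "3.1"; then
        echo fixed-stable-3.0
    else
        echo check-backport
    fi
}

# changelog_has_fix PKG: succeeds when the installed package changelog
# mentions the CVE or this bug number; returns 2 when rpm is not available.
changelog_has_fix() {
    command -v rpm >/dev/null 2>&1 || return 2
    rpm -q --changelog "$1" 2>/dev/null | grep -Eq 'CVE-2012-6647|878289'
}

# Constructed sample release strings, not taken from a real host.
for r in 2.6.27.19-5 2.6.32.59-0.13.1 3.0.39 3.0.101-0.31 3.4.6 3.6.0; do
    printf '%-20s %s\n' "$r" "$(classify_kernel "$r")"
done
```

For a `check-backport` result on an RPM-based host, `changelog_has_fix kernel-default` settles it from the installed package's changelog.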
Comment 5 Marcus Meissner 2014-05-22 12:57:39 UTC
The 11-SP3 RT branch pulls from the SLE11-SP3 branch, so it should be there already and released.

openSUSE 12.3 and 13.1 are fixed as the fix was committed in 2012.

Done for committing.
Comment 7 Swamp Workflow Management 2014-06-04 13:57:21 UTC
An update workflow for this issue was started.
This issue was rated as critical.
Please submit fixed packages until 2014-06-06.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/57692
Comment 8 Swamp Workflow Management 2014-06-10 21:04:46 UTC
Update released for: kernel-debug, kernel-debug-base, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-debug-extra, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-docs, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra
Products:
SLE-SERVER 11-SP1-TERADATA (x86_64)
Comment 9 Swamp Workflow Management 2014-06-17 18:50:37 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-pae, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-pae, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-pae, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-pae, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-pae, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-pae, kernel-pae-base, kernel-pae-debuginfo, kernel-pae-debugsource, kernel-pae-devel, kernel-pae-devel-debuginfo, kernel-pae-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, ocfs2-kmp-default, ocfs2-kmp-pae, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP1 (i386)
SLE-SERVER 11-SP1-LTSS (i386)
Comment 10 Swamp Workflow Management 2014-06-17 18:55:16 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-trace, cluster-network-kmp-default, cluster-network-kmp-trace, ext4dev-kmp-default, ext4dev-kmp-trace, gfs2-kmp-default, gfs2-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-default-man, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-trace-man, ocfs2-kmp-default, ocfs2-kmp-trace
Products:
SLE-DEBUGINFO 11-SP1 (s390x)
SLE-SERVER 11-SP1-LTSS (s390x)
Comment 11 Swamp Workflow Management 2014-06-17 19:52:14 UTC
Update released for: btrfs-kmp-default, btrfs-kmp-trace, btrfs-kmp-xen, cluster-network-kmp-default, cluster-network-kmp-trace, cluster-network-kmp-xen, ext4dev-kmp-default, ext4dev-kmp-trace, ext4dev-kmp-xen, gfs2-kmp-default, gfs2-kmp-trace, gfs2-kmp-xen, hyper-v-kmp-default, hyper-v-kmp-trace, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-desktop-devel, kernel-ec2, kernel-ec2-base, kernel-ec2-debuginfo, kernel-ec2-debugsource, kernel-ec2-devel, kernel-ec2-devel-debuginfo, kernel-ec2-extra, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra, ocfs2-kmp-default, ocfs2-kmp-trace, ocfs2-kmp-xen
Products:
SLE-DEBUGINFO 11-SP1 (x86_64)
SLE-SERVER 11-SP1-LTSS (x86_64)
Comment 12 Swamp Workflow Management 2014-06-17 23:10:43 UTC
SUSE-SU-2014:0807-1: An update that solves 17 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 630970,661605,663516,761774,792407,852553,852967,854634,854743,856756,857643,863335,865310,866102,868049,868488,868653,869563,871561,873070,874108,875690,875798,876102,878289,880892
CVE References: CVE-2012-6647,CVE-2013-6382,CVE-2013-6885,CVE-2013-7027,CVE-2013-7263,CVE-2013-7264,CVE-2013-7265,CVE-2013-7339,CVE-2014-0101,CVE-2014-0196,CVE-2014-1737,CVE-2014-1738,CVE-2014-1874,CVE-2014-2523,CVE-2014-2678,CVE-2014-3122,CVE-2014-3153
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    btrfs-0-0.3.163, ext4dev-0-7.9.130, hyper-v-0-0.18.39, kernel-default-2.6.32.59-0.13.1, kernel-ec2-2.6.32.59-0.13.1, kernel-pae-2.6.32.59-0.13.1, kernel-source-2.6.32.59-0.13.1, kernel-syms-2.6.32.59-0.13.1, kernel-trace-2.6.32.59-0.13.1, kernel-xen-2.6.32.59-0.13.1
SLE 11 SERVER Unsupported Extras (src):    kernel-default-2.6.32.59-0.13.1, kernel-pae-2.6.32.59-0.13.1, kernel-xen-2.6.32.59-0.13.1
Comment 13 Swamp Workflow Management 2014-06-17 23:12:54 UTC
Update released for: kernel-default-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (x86_64)
Comment 14 Swamp Workflow Management 2014-06-17 23:13:52 UTC
Update released for: kernel-default-extra
Products:
SLE-SERVER 11-EXTRA (s390x)
Comment 15 Swamp Workflow Management 2014-06-17 23:16:00 UTC
Update released for: kernel-default-extra, kernel-pae-extra, kernel-xen-extra
Products:
SLE-SERVER 11-EXTRA (i386)