Bugzilla – Bug 883526
VUL-0: CVE-2014-0203: kernel: slab corruption due to the invalid last component type during do_filp_open()
Last modified: 2014-09-16 20:54:52 UTC
rh#1094363

It was found that proc_ns_follow_link() doesn't return LAST_BIND (unlike proc_pid_follow_link()) which leads to the slab corruption caused by (excessive) putname() in do_filp_open(). The slab corruption later manifests itself in the form of BUG() in cache_alloc_refill() when performing "$ echo > /proc/$$/ns/pid"

An unprivileged local user could use this flaw to crash the system.

Upstream fix:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=86acdca1b63e6890540fa19495cfc708beff3d8b

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1094363
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0203
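A simplified user-space model of the flaw described in the report above, added here as an illustration; it is not kernel code and not taken from the upstream fix. The `_model` and `_like` names, the constructed paths, and the two points marked "Assumption" in the comments (where the last-component pointer comes from) are assumptions of this example, not statements from the page.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* User-space model, not kernel code. Names echo the report; logic is simplified. */
enum last_type { LAST_NORM, LAST_BIND };
struct nameidata { enum last_type last_type; char *last_name; };
typedef void (*follow_link_fn)(struct nameidata *);

static char *live[4];   /* objects currently handed out by the modelled name cache */
static int bad_puts;    /* releases of pointers the cache never handed out */

static char *getname_model(const char *s) {
    for (int i = 0; i < 4; i++)
        if (!live[i]) {
            live[i] = malloc(strlen(s) + 1);
            if (!live[i]) abort();
            return strcpy(live[i], s);
        }
    abort();
}
static void putname_model(char *p) {
    for (int i = 0; i < 4; i++)
        if (live[i] == p) { free(p); live[i] = NULL; return; }
    bad_puts++;         /* the kernel has no such check: the slab is corrupted here */
}
/* Assumption: an ordinary symlink leaves a private copy of its last component. */
static void normal_symlink(struct nameidata *nd) {
    nd->last_type = LAST_NORM;
    nd->last_name = getname_model("target");
}
/* As the report says of proc_pid_follow_link(): signals LAST_BIND. */
static void proc_pid_like(struct nameidata *nd) { nd->last_type = LAST_BIND; }
/* The flaw in proc_ns_follow_link(): last_type keeps its stale value. */
static void proc_ns_like(struct nameidata *nd) { (void)nd; }

/* Models the tail of do_filp_open(); returns the number of invalid releases. */
static int open_model(const char *path, follow_link_fn follow) {
    char *pathname = getname_model(path);
    char *slash = strrchr(pathname, '/');
    /* Assumption: after the parent walk, last_name points into pathname. */
    struct nameidata nd = { LAST_NORM, slash ? slash + 1 : pathname };
    bad_puts = 0;
    follow(&nd);
    if (nd.last_type != LAST_BIND)
        putname_model(nd.last_name);   /* only valid for a private copy */
    putname_model(pathname);
    return bad_puts;
}
```

Only the handler that leaves the stale LAST_NORM in place makes the open path release a pointer that was never a separate allocation, which is the "excessive putname()" the report names.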
bugbot adjusting priority
The fix went into 2.6.33, so no new branches are affected. Pushed to SLE11-SP1-TD and SLES10-SP3-TD branches.
Thanks, probably just for _LTSS branch(es) then.
Affected packages:
SLE-10-SP3-TERADATA: kernel-source
SLE-11-SP1: kernel-source
SLE-11-SP1-TERADATA: kernel-source
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-07-08. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58141
Pushed to SLE11-SP1-LTSS as well.
Update released for: kernel-debug, kernel-debug-base, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-debug-extra, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-docs, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra
Products: SLE-SERVER 11-SP1-TERADATA (x86_64)
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-07-16. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58208
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-dummy, kernel-kdump, kernel-kdump-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-xen, kernel-xen-debuginfo
Products: SLE-SERVER 10-SP3-TERADATA (x86_64)
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2014-09-03. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/58726
SUSE-SU-2014:1138-1: An update that fixes 22 vulnerabilities is now available.
Category: security (important)
Bug References: 794824,806431,831058,854722,856756,871797,877257,879921,880484,881051,882809,883526,883724,883795,884530,885422,885725,887082,889173,892490
CVE References: CVE-2013-1860,CVE-2013-4162,CVE-2013-7266,CVE-2013-7267,CVE-2013-7268,CVE-2013-7269,CVE-2013-7270,CVE-2013-7271,CVE-2014-0203,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699,CVE-2014-4943,CVE-2014-5077
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src): kernel-default-2.6.32.59-0.15.2, kernel-ec2-2.6.32.59-0.15.2, kernel-pae-2.6.32.59-0.15.2, kernel-source-2.6.32.59-0.15.2, kernel-syms-2.6.32.59-0.15.2, kernel-trace-2.6.32.59-0.15.2, kernel-xen-2.6.32.59-0.15.2, xen-4.0.3_21548_16-0.5.26
SLE 11 SERVER Unsupported Extras (src): kernel-default-2.6.32.59-0.15.2, kernel-pae-2.6.32.59-0.15.2, kernel-xen-2.6.32.59-0.15.2