Bug 883526 - (CVE-2014-0203) VUL-0: CVE-2014-0203: kernel: slab corruption due to the invalid last component type during do_filp_open()
VUL-0: CVE-2014-0203: kernel: slab corruption due to the invalid last compone...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
maint:released:sle11-sp1:58142 main...
Depends on:
  Show dependency treegraph
Reported: 2014-06-20 10:25 UTC by Johannes Segitz
Modified: 2014-09-16 20:54 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2014-06-20 10:25:33 UTC

It was found that proc_ns_follow_link() doesn't return LAST_BIND (unlike
proc_pid_follow_link()) which leads to the slab corruption caused by
(excessive) putname() in do_filp_open().

The slab corruption later manifests itself in the form of BUG() in
cache_alloc_refill() when performing "$ echo > /proc/$$/ns/pid" --

An unprivileged local user could use this flaw to crash the system.
Upstream fix:

Comment 1 Swamp Workflow Management 2014-06-20 22:00:17 UTC
bugbot adjusting priority
Comment 2 Michal Hocko 2014-06-24 08:30:45 UTC
the fix went into 2.6.33 so no new branches are affected.

Pushed to SLE11-SP1-TD and SLES10-SP3-TD branches.
Comment 3 Jiri Kosina 2014-06-25 08:45:56 UTC
Thanks, probably just for _LTSS branch(es) then.
Comment 4 SMASH SMASH 2014-06-25 16:15:14 UTC
Affected packages:

SLE-10-SP3-TERADATA: kernel-source
SLE-11-SP1: kernel-source
SLE-11-SP1-TERADATA: kernel-source
Comment 6 Swamp Workflow Management 2014-07-01 09:12:01 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-07-08.
When done, reassign the bug to security-team@suse.de.
Comment 7 Miklos Szeredi 2014-07-01 10:11:29 UTC
Pushed to SLE11-SP1-LTSS as well.
Comment 8 Swamp Workflow Management 2014-07-03 10:04:22 UTC
Update released for: kernel-debug, kernel-debug-base, kernel-debug-debuginfo, kernel-debug-debugsource, kernel-debug-devel, kernel-debug-devel-debuginfo, kernel-debug-extra, kernel-default, kernel-default-base, kernel-default-debuginfo, kernel-default-debugsource, kernel-default-devel, kernel-default-devel-debuginfo, kernel-default-extra, kernel-docs, kernel-source, kernel-source-debuginfo, kernel-source-vanilla, kernel-syms, kernel-trace, kernel-trace-base, kernel-trace-debuginfo, kernel-trace-debugsource, kernel-trace-devel, kernel-trace-devel-debuginfo, kernel-trace-extra, kernel-xen, kernel-xen-base, kernel-xen-debuginfo, kernel-xen-debugsource, kernel-xen-devel, kernel-xen-devel-debuginfo, kernel-xen-extra
Comment 11 Swamp Workflow Management 2014-07-09 10:24:02 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-07-16.
When done, reassign the bug to security-team@suse.de.
Comment 12 Swamp Workflow Management 2014-07-11 10:04:38 UTC
Update released for: kernel-debug, kernel-debug-debuginfo, kernel-default, kernel-default-debuginfo, kernel-dummy, kernel-kdump, kernel-kdump-debuginfo, kernel-smp, kernel-smp-debuginfo, kernel-source, kernel-source-debuginfo, kernel-syms, kernel-xen, kernel-xen-debuginfo
Comment 14 Swamp Workflow Management 2014-08-27 10:27:48 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2014-09-03.
When done, reassign the bug to security-team@suse.de.
Comment 15 Swamp Workflow Management 2014-09-16 17:08:06 UTC
SUSE-SU-2014:1138-1: An update that fixes 22 vulnerabilities is now available.

Category: security (important)
Bug References: 794824,806431,831058,854722,856756,871797,877257,879921,880484,881051,882809,883526,883724,883795,884530,885422,885725,887082,889173,892490
CVE References: CVE-2013-1860,CVE-2013-4162,CVE-2013-7266,CVE-2013-7267,CVE-2013-7268,CVE-2013-7269,CVE-2013-7270,CVE-2013-7271,CVE-2014-0203,CVE-2014-3144,CVE-2014-3145,CVE-2014-3917,CVE-2014-4508,CVE-2014-4652,CVE-2014-4653,CVE-2014-4654,CVE-2014-4655,CVE-2014-4656,CVE-2014-4667,CVE-2014-4699,CVE-2014-4943,CVE-2014-5077
Sources used:
SUSE Linux Enterprise Server 11 SP1 LTSS (src):    kernel-default-, kernel-ec2-, kernel-pae-, kernel-source-, kernel-syms-, kernel-trace-, kernel-xen-, xen-4.0.3_21548_16-0.5.26
SLE 11 SERVER Unsupported Extras (src):    kernel-default-, kernel-pae-, kernel-xen-