Bug 889060 – VUL-0: CVE-2014-5045: kernel-source: vfs: refcount issues during unmount on symlink

Bug 889060 - (CVE-2014-5045) VUL-0: CVE-2014-5045: kernel-source: vfs: refcount issues during unmount on symlink

(CVE-2014-5045)
Summary:	VUL-0: CVE-2014-5045: kernel-source: vfs: refcount issues during unmount on s...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	E-mail List
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/104015/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2014-07-25 15:19 UTC by Victor Pereira
Modified:	2016-04-27 19:11 UTC (History)
CC List:	5 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
backport got SLE12 (1.36 KB, patch) 2014-07-28 08:16 UTC, Michal Hocko	Details \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Victor Pereira 2014-07-25 15:19:57 UTC

CVE-2014-5045

A flaw was found in the way reference counting was handled in the Linux kernel's
VFS subsystem when unmount on symlink was performed.


References:
https://bugzilla.redhat.com/show_bug.cgi?id=1122472
https://lkml.org/lkml/2014/7/21/98 (proposed patch)

Comment 2 Swamp Workflow Management 2014-07-25 22:00:13 UTC

bugbot adjusting priority

Comment 3 Michal Hocko 2014-07-28 08:15:34 UTC

The fix is public 295dc39d941d (fs: umount on symlink leaks mnt count).

It seems that the issue has been introduced by 8033426e6bdb2 (vfs: allow umount to handle mountpoints without revalidating them) in 3.12 which would mean that only SLE12 is affected. Miklos, could you double check please?

The backport seems trivial. I will attach it here in the next comment.

Comment 4 Michal Hocko 2014-07-28 08:16:09 UTC

Created attachment 600026 [details]
backport got SLE12

Comment 6 Michal Hocko 2014-07-28 12:20:08 UTC

pushed to SLE12 branch.

Comment 8 Jeff Mahoney 2014-07-29 17:51:03 UTC

*** Bug 887713 has been marked as a duplicate of this bug. ***

Comment 9 Michal Marek 2014-08-15 13:48:41 UTC

Miklos, please confirm that the bug only affects SLE12 and close the bug in such case.

Comment 10 Miklos Szeredi 2014-08-18 09:43:50 UTC

Bug was introduced inv 3.12-rc1 by 

8033426e6bdb  vfs: allow umount to handle mountpoints without revalidating them

So only kernels 3.12 - .16 are affected.

Comment 11 Marcus Meissner 2014-10-01 12:31:27 UTC

okay, thanks!