Bug 928135 - (CVE-2015-3332) VUL-1: CVE-2015-3332: kernel: TCP Fast Open local DoS
VUL-1: CVE-2015-3332: kernel: TCP Fast Open local DoS
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P4 - Low : Normal
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2015-04-22 09:19 UTC by Andreas Stieger
Modified: 2016-04-27 20:20 UTC (History)
4 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

patch from http://www.spinics.net/lists/netdev/msg325602.html (1.30 KB, patch)
2015-04-22 09:19 UTC, Andreas Stieger
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2015-04-22 09:19:11 UTC
Created attachment 631932 [details]
patch from  http://www.spinics.net/lists/netdev/msg325602.html

via rh#1213951

Linux kernel built with the IPv4 networking support(CONFIG_NET) is vulnerable to a DoS flaw. It could occur while using TCP Fast open option when initiating a network connection. This issue is a regression caused by upstream commit '355a901e6cf1', when it was back-ported to older 3.10.y - 3.16.y branches.


An unprivileged local user could use this flaw to crash the system resulting in DoS.

Upstream fix:
  -> http://www.spinics.net/lists/netdev/msg325602.html

  -> http://www.openwall.com/lists/oss-security/2015/04/18/2
  -> https://bugs.debian.org/782515

Comment 1 Michal Hocko 2015-04-22 15:51:09 UTC
None of the TD branches has a backport of 355a901e6cf1 so they are not affected.
Comment 2 Swamp Workflow Management 2015-04-22 22:00:49 UTC
bugbot adjusting priority
Comment 3 Michal Kubeček 2015-05-15 16:42:01 UTC
The only affected kernel of ours was SLE12 which got the offending commit
with 3.12.40 stable update but it also got the fix with 3.12.41 stable update
(so that the maintenance update currently in progress is OK).

Neither openSUSE-13.1 nor openSUSE-13.2 have the original backport so that
they are not affected. And mainline was never affected so that Factory is
also clean.

So I guess all we need is to update the references in
Comment 4 Michal Kubeček 2015-05-15 16:59:55 UTC
SLE12 patches.kernel.org/patch-3.12.40-41 references updated. Reassigning
back to the Security team.

For the sake of completeness: TCP Fast open implementation was introduced
in kernel 3.6 and was never backported into SLE11 or older.
Comment 5 Swamp Workflow Management 2015-06-16 12:11:29 UTC
SUSE-SU-2015:1071-1: An update that solves 13 vulnerabilities and has 31 fixes is now available.

Category: security (important)
Bug References: 899192,900881,909312,913232,914742,915540,916225,917125,919007,919018,920262,921769,922583,922734,922944,924664,924803,924809,925567,926156,926240,926314,927084,927115,927116,927257,927285,927308,927455,928122,928130,928135,928141,928708,929092,929145,929525,929883,930224,930226,930669,930786,931014,931130
CVE References: CVE-2014-3647,CVE-2014-8086,CVE-2014-8159,CVE-2015-1465,CVE-2015-2041,CVE-2015-2042,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3332,CVE-2015-3339,CVE-2015-3636
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.43-52.6.2, kernel-obs-build-3.12.43-52.6.2
SUSE Linux Enterprise Server 12 (src):    kernel-source-3.12.43-52.6.1, kernel-syms-3.12.43-52.6.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_5-1-2.3
SUSE Linux Enterprise Desktop 12 (src):    kernel-source-3.12.43-52.6.1, kernel-syms-3.12.43-52.6.1
Comment 6 Marcus Meissner 2015-09-04 15:11:04 UTC
all fixed