Bugzilla – Bug 928135
VUL-1: CVE-2015-3332: kernel: TCP Fast Open local DoS
Last modified: 2016-04-27 20:20:21 UTC
Created attachment 631932
patch from http://www.spinics.net/lists/netdev/msg325602.html via rh#1213951

Linux kernel built with the IPv4 networking support (CONFIG_NET) is vulnerable to a DoS flaw. It could occur while using TCP Fast open option when initiating a network connection.

This issue is a regression caused by upstream commit '355a901e6cf1', when it was back-ported to older 3.10.y - 3.16.y branches. (355a901e6cf1b2b763ec85caa2a9f04fbcc4ab4a)

An unprivileged local user could use this flaw to crash the system resulting in DoS.

Upstream fix:
-------------
  -> http://www.spinics.net/lists/netdev/msg325602.html

References:
-----------
  -> http://www.openwall.com/lists/oss-security/2015/04/18/2
  -> https://bugs.debian.org/782515

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1213951
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3332
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-3332.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3332
None of the TD branches has a backport of 355a901e6cf1 so they are not affected.
bugbot adjusting priority
The only affected kernel of ours was SLE12 which got the offending commit with 3.12.40 stable update but it also got the fix with 3.12.41 stable update (so that the maintenance update currently in progress is OK). Neither openSUSE-13.1 nor openSUSE-13.2 have the original backport so that they are not affected. And mainline was never affected so that Factory is also clean. So I guess all we need is to update the references in patches.kernel.org/patch-3.12.40-41
SLE12 patches.kernel.org/patch-3.12.40-41 references updated. Reassigning back to the Security team. For the sake of completeness: TCP Fast open implementation was introduced in kernel 3.6 and was never backported into SLE11 or older.
SUSE-SU-2015:1071-1: An update that solves 13 vulnerabilities and has 31 fixes is now available.

Category: security (important)
Bug References: 899192,900881,909312,913232,914742,915540,916225,917125,919007,919018,920262,921769,922583,922734,922944,924664,924803,924809,925567,926156,926240,926314,927084,927115,927116,927257,927285,927308,927455,928122,928130,928135,928141,928708,929092,929145,929525,929883,930224,930226,930669,930786,931014,931130
CVE References: CVE-2014-3647,CVE-2014-8086,CVE-2014-8159,CVE-2015-1465,CVE-2015-2041,CVE-2015-2042,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3332,CVE-2015-3339,CVE-2015-3636
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): kernel-docs-3.12.43-52.6.2, kernel-obs-build-3.12.43-52.6.2
SUSE Linux Enterprise Server 12 (src): kernel-source-3.12.43-52.6.1, kernel-syms-3.12.43-52.6.1
SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_5-1-2.3
SUSE Linux Enterprise Desktop 12 (src): kernel-source-3.12.43-52.6.1, kernel-syms-3.12.43-52.6.1
all fixed