Bug 935542 – VUL-0: CVE-2015-4692: kernel: kvm: x86: NULL pointer dereference in kvm_apic_has_events function

Bug 935542 - (CVE-2015-4692) VUL-0: CVE-2015-4692: kernel: kvm: x86: NULL pointer dereference in kvm_apic_has_events function

(CVE-2015-4692)
Summary:	VUL-0: CVE-2015-4692: kernel: kvm: x86: NULL pointer dereference in kvm_apic_...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P3 - Medium Severity: Normal
Target Milestone:	---
Assigned To:	Security Team bot
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/117906/
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2015-06-22 06:18 UTC by Marcus Meissner
Modified:	2016-08-01 12:09 UTC (History)
CC List:	4 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2015-06-22 06:18:43 UTC

via oss-sec


    https://lkml.org/lkml/2015/6/4/163


    A local user with access to /dev/kvm (usually unprivileged) can use this
    flaw to crash the system.


    arch/x86/kvm/lapic.h

    kvm_apic_has_events

    - return vcpu->arch.apic->pending_events;
    + return kvm_vcpu_has_lapic(vcpu) && vcpu->arch.apic->pending_events;


(not yet available at
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/arch/x86/kvm/lapic.h)

Use CVE-2015-4692.

Comment 1 Swamp Workflow Management 2015-06-22 22:00:27 UTC

bugbot adjusting priority

Comment 2 Takashi Iwai 2015-06-25 13:22:03 UTC

It's merged to Linus tree now, the commit ce40cd3fc7fa40a6119e5fe6c0f2bc0eb4541009

Comment 3 Takashi Iwai 2015-06-25 13:49:14 UTC

I backported the fix to SLE12, openSUSE-13.1 and openSUSE-13.2 branches.
SLE11-SP3/4 and older don't seem to hit.

Comment 4 Borislav Petkov 2015-06-26 08:14:55 UTC

Looks done, bouncing.

Comment 5 Swamp Workflow Management 2015-07-31 08:23:09 UTC

SUSE-SU-2015:1324-1: An update that solves 11 vulnerabilities and has 63 fixes is now available.

Category: security (important)
Bug References: 854817,854824,858727,866911,867362,895814,903279,907092,908491,915183,917630,918618,921430,924071,924526,926369,926953,927455,927697,927786,928131,929475,929696,929879,929974,930092,930399,930579,930599,930972,931124,931403,931538,931620,931860,931988,932348,932793,932897,932898,932899,932900,932967,933117,933429,933637,933896,933904,933907,934160,935083,935085,935088,935174,935542,935881,935918,936012,936423,936445,936446,936502,936556,936831,936875,937032,937087,937609,937612,937613,937616,938022,938023,938024
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-1805,CVE-2015-3212,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-5364,CVE-2015-5366
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    kernel-default-3.12.44-52.10.1
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.44-52.10.3, kernel-obs-build-3.12.44-52.10.1
SUSE Linux Enterprise Server 12 (src):    kernel-default-3.12.44-52.10.1, kernel-source-3.12.44-52.10.1, kernel-syms-3.12.44-52.10.1, kernel-xen-3.12.44-52.10.1
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.44-52.10.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_6-1-2.1
SUSE Linux Enterprise Desktop 12 (src):    kernel-default-3.12.44-52.10.1, kernel-source-3.12.44-52.10.1, kernel-syms-3.12.44-52.10.1, kernel-xen-3.12.44-52.10.1

Comment 6 Swamp Workflow Management 2015-08-14 09:14:47 UTC

openSUSE-SU-2015:1382-1: An update that solves 21 vulnerabilities and has 8 fixes is now available.

Category: security (important)
Bug References: 907092,907714,915517,916225,919007,919596,921769,922583,925567,925961,927786,928693,929624,930488,930599,931580,932348,932844,933934,934202,934397,934755,935530,935542,935705,935913,937226,938976,939394
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-1420,CVE-2015-1465,CVE-2015-2041,CVE-2015-2922,CVE-2015-3212,CVE-2015-3290,CVE-2015-3339,CVE-2015-3636,CVE-2015-4001,CVE-2015-4002,CVE-2015-4003,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366
Sources used:
openSUSE 13.2 (src):    bbswitch-0.8-3.11.1, cloop-2.639-14.11.1, crash-7.0.8-11.1, hdjmod-1.28-18.12.1, ipset-6.23-11.1, kernel-debug-3.16.7-24.1, kernel-default-3.16.7-24.1, kernel-desktop-3.16.7-24.1, kernel-docs-3.16.7-24.2, kernel-ec2-3.16.7-24.1, kernel-obs-build-3.16.7-24.2, kernel-obs-qa-3.16.7-24.1, kernel-obs-qa-xen-3.16.7-24.1, kernel-pae-3.16.7-24.1, kernel-source-3.16.7-24.1, kernel-syms-3.16.7-24.1, kernel-vanilla-3.16.7-24.1, kernel-xen-3.16.7-24.1, pcfclock-0.44-260.11.1, vhba-kmp-20140629-2.11.1, xen-4.4.2_06-25.1, xtables-addons-2.6-11.1

Comment 7 Swamp Workflow Management 2016-02-01 15:20:00 UTC

openSUSE-SU-2016:0301-1: An update that solves 57 vulnerabilities and has 21 fixes is now available.

Category: security (important)
Bug References: 814440,851610,869564,873385,906545,907818,909077,909477,911326,912202,915517,915577,917830,918333,919007,919018,919463,919596,921313,921949,922583,922936,922944,926238,926240,927780,927786,928130,929525,930399,931988,932348,933896,933904,933907,933934,935542,935705,936502,936831,937032,937033,937969,938706,940338,944296,945825,947155,949936,950998,951194,951440,951627,952384,952579,952976,953052,953527,954138,954404,955224,955354,955422,956708,956934,957988,957990,958504,958510,958886,958951,959190,959399,959568,960839,961509,961739,962075
CVE References: CVE-2014-2568,CVE-2014-8133,CVE-2014-8989,CVE-2014-9090,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2014-9715,CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0272,CVE-2015-0777,CVE-2015-1420,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-2925,CVE-2015-3212,CVE-2015-3339,CVE-2015-3636,CVE-2015-4001,CVE-2015-4002,CVE-2015-4003,CVE-2015-4004,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-4700,CVE-2015-5157,CVE-2015-5283,CVE-2015-5307,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6937,CVE-2015-7550,CVE-2015-7799,CVE-2015-7833,CVE-2015-7872,CVE-2015-7885,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2016-0728
Sources used:
openSUSE 13.1 (src):    cloop-2.639-11.22.2, crash-7.0.2-2.22.2, hdjmod-1.28-16.22.2, ipset-6.21.1-2.26.2, iscsitarget-1.4.20.3-13.22.2, kernel-debug-3.11.10-32.1, kernel-default-3.11.10-32.1, kernel-desktop-3.11.10-32.1, kernel-docs-3.11.10-32.3, kernel-ec2-3.11.10-32.1, kernel-pae-3.11.10-32.1, kernel-source-3.11.10-32.1, kernel-syms-3.11.10-32.1, kernel-trace-3.11.10-32.1, kernel-vanilla-3.11.10-32.1, kernel-xen-3.11.10-32.1, ndiswrapper-1.58-22.1, pcfclock-0.44-258.22.1, vhba-kmp-20130607-2.23.1, virtualbox-4.2.36-2.55.1, xen-4.3.4_10-56.1, xtables-addons-2.3-2.22.1

Comment 8 Marcus Meissner 2016-08-01 12:09:04 UTC

released