Bug 942367 - (CVE-2015-6252) VUL-0: CVE-2015-6252: kernel: vhost fd leak in ioctl VHOST_SET_LOG_FD
(CVE-2015-6252)
VUL-0: CVE-2015-6252: kernel: vhost fd leak in ioctl VHOST_SET_LOG_FD
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/126725/
CVSSv2:RedHat:CVE-2015-6252:1.5:(AV:L...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-08-19 14:23 UTC by Alexander Bergmann
Modified: 2016-10-26 16:10 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2015-08-19 14:23:19 UTC
rh#1251839

A flaw was found in the way Linux kernel's vhost driver treated userspace
provided log fd while processing VHOST_SET_LOG_FD ioctl command. A
privileged local user with access to the /dev/vhost-net files.  The
provided descriptor would never be released and consume kernel memory.

A file descriptor may leak for each VHOST_SET_LOG_FD command issued, eventually
wasting available system resources creating a denial of service.

Patch:
https://lkml.org/lkml/2015/8/10/375

CVE-2015-6252 was assigned to this issue.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1251839
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-6252
http://seclists.org/oss-sec/2015/q3/382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-6252
Comment 1 Swamp Workflow Management 2015-08-19 22:01:00 UTC
bugbot adjusting priority
Comment 2 Borislav Petkov 2015-08-21 13:17:50 UTC
SLE12: applied.
Comment 3 Borislav Petkov 2015-08-25 09:06:56 UTC
cve/3.0: queued. Bouncing back.
Comment 5 Swamp Workflow Management 2015-10-05 15:28:05 UTC
SUSE-SU-2015:1678-1: An update that solves 15 vulnerabilities and has 67 fixes is now available.

Category: security (moderate)
Bug References: 777565,867362,873385,883380,884333,886785,891116,894936,915517,917830,917968,919463,920016,920110,920250,920733,921430,923002,923245,923431,924701,925705,925881,925903,926240,926953,927355,928988,929076,929142,929143,930092,930934,931620,932350,932458,932882,933429,933721,933896,933904,933907,933936,934944,935053,935055,935572,935705,935866,935906,936077,936095,936118,936423,936637,936831,936875,936921,936925,937032,937256,937402,937444,937503,937641,937855,938485,939910,939994,940338,940398,940925,940966,942204,942305,942350,942367,942404,942605,942688,942938,943477
CVE References: CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0777,CVE-2015-1420,CVE-2015-1805,CVE-2015-2150,CVE-2015-2830,CVE-2015-4167,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6252
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    kernel-docs-3.0.101-65.3
SUSE Linux Enterprise Server 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-ec2-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-source-3.0.101-65.1, kernel-syms-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-default-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Desktop 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-source-3.0.101-65.1, kernel-syms-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    kernel-default-3.0.101-65.1, kernel-ec2-3.0.101-65.1, kernel-pae-3.0.101-65.1, kernel-ppc64-3.0.101-65.1, kernel-trace-3.0.101-65.1, kernel-xen-3.0.101-65.1
Comment 6 Swamp Workflow Management 2015-10-13 09:22:09 UTC
SUSE-SU-2015:1727-1: An update that solves 7 vulnerabilities and has 44 fixes is now available.

Category: security (important)
Bug References: 856382,886785,898159,907973,908950,912183,914818,916543,920016,922071,924722,929092,929871,930813,932285,932350,934430,934942,934962,936556,936773,937609,937612,937613,937616,938550,938706,938891,938892,938893,939145,939266,939716,939834,939994,940398,940545,940679,940776,940912,940925,940965,941098,941305,941908,941951,942160,942204,942307,942367,948536
CVE References: CVE-2015-5156,CVE-2015-5157,CVE-2015-5283,CVE-2015-5697,CVE-2015-6252,CVE-2015-6937,CVE-2015-7613
Sources used:
SUSE Linux Enterprise Workstation Extension 12 (src):    kernel-default-3.12.48-52.27.1
SUSE Linux Enterprise Software Development Kit 12 (src):    kernel-docs-3.12.48-52.27.2, kernel-obs-build-3.12.48-52.27.1
SUSE Linux Enterprise Server 12 (src):    kernel-default-3.12.48-52.27.1, kernel-source-3.12.48-52.27.1, kernel-syms-3.12.48-52.27.1, kernel-xen-3.12.48-52.27.2
SUSE Linux Enterprise Module for Public Cloud 12 (src):    kernel-ec2-3.12.48-52.27.1
SUSE Linux Enterprise Live Patching 12 (src):    kgraft-patch-SLE12_Update_8-1-2.6
SUSE Linux Enterprise Desktop 12 (src):    kernel-default-3.12.48-52.27.1, kernel-source-3.12.48-52.27.1, kernel-syms-3.12.48-52.27.1, kernel-xen-3.12.48-52.27.2
Comment 7 Swamp Workflow Management 2015-11-26 12:18:45 UTC
SUSE-SU-2015:2108-1: An update that solves 8 vulnerabilities and has 51 fixes is now available.

Category: security (important)
Bug References: 777565,814440,900610,904348,904965,920016,923002,926007,926709,926774,930145,930788,932350,932805,933721,935053,935757,936118,938706,939826,939926,939955,940017,940925,941202,942204,942305,942367,942605,942688,942938,943786,944296,944831,944837,944989,944993,945691,945825,945827,946078,946309,947957,948330,948347,948521,949100,949298,949502,949706,949744,949981,951440,952084,952384,952579,953527,953980,954404
CVE References: CVE-2015-0272,CVE-2015-5157,CVE-2015-5307,CVE-2015-6252,CVE-2015-6937,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP3 (src):    kernel-docs-3.0.101-0.47.71.3
SUSE Linux Enterprise Server for VMWare 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-source-3.0.101-0.47.71.1, kernel-syms-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
SUSE Linux Enterprise Server 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-ec2-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-ppc64-3.0.101-0.47.71.1, kernel-source-3.0.101-0.47.71.1, kernel-syms-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
SUSE Linux Enterprise Server 11-EXTRA (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-ppc64-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
SUSE Linux Enterprise Desktop 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-source-3.0.101-0.47.71.1, kernel-syms-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-bigsmp-3.0.101-0.47.71.1, kernel-default-3.0.101-0.47.71.1, kernel-ec2-3.0.101-0.47.71.1, kernel-pae-3.0.101-0.47.71.1, kernel-ppc64-3.0.101-0.47.71.1, kernel-trace-3.0.101-0.47.71.1, kernel-xen-3.0.101-0.47.71.1
Comment 8 Swamp Workflow Management 2015-12-02 14:23:48 UTC
SUSE-SU-2015:2167-1: An update that solves 7 vulnerabilities and has 59 fixes is now available.

Category: security (moderate)
Bug References: 777565,867362,873385,883380,884333,886785,891116,894936,915517,917968,920016,920110,920733,923002,923431,924701,925705,925881,925903,927355,929076,929142,929143,930092,930934,931620,932350,933721,935053,935055,935572,935705,935866,935906,936077,936095,936118,936423,936637,936831,936875,936921,936925,937032,937256,937402,937444,937503,937641,937855,938485,939910,939994,940338,940398,940925,940966,942204,942305,942350,942367,942404,942605,942688,942938,943477
CVE References: CVE-2015-1420,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5697,CVE-2015-5707,CVE-2015-6252
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP4 (src):    kernel-rt-3.0.101.rt130-45.1, kernel-rt_trace-3.0.101.rt130-45.1, kernel-source-rt-3.0.101.rt130-45.1, kernel-syms-rt-3.0.101.rt130-45.1
Comment 9 Swamp Workflow Management 2016-02-05 20:21:01 UTC
SUSE-SU-2016:0354-1: An update that solves 9 vulnerabilities and has 54 fixes is now available.

Category: security (important)
Bug References: 777565,814440,900610,904348,904965,920016,923002,926007,926709,926774,930145,930788,932350,932805,933721,935053,935757,936118,937969,937970,938706,939207,939826,939926,939955,940017,940925,941202,942204,942305,942367,942605,942688,942938,943786,944296,944831,944837,944989,944993,945691,945825,945827,946078,946309,947957,948330,948347,948521,949100,949298,949502,949706,949744,949981,951440,952084,952384,952579,953527,953980,954404,955354
CVE References: CVE-2015-0272,CVE-2015-5157,CVE-2015-5307,CVE-2015-6252,CVE-2015-6937,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215
Sources used:
SUSE Linux Enterprise Real Time Extension 11-SP3 (src):    kernel-rt-3.0.101.rt130-0.33.44.2, kernel-rt_trace-3.0.101.rt130-0.33.44.2, kernel-source-rt-3.0.101.rt130-0.33.44.2, kernel-syms-rt-3.0.101.rt130-0.33.44.1
SUSE Linux Enterprise Debuginfo 11-SP3 (src):    kernel-rt-3.0.101.rt130-0.33.44.2, kernel-rt_trace-3.0.101.rt130-0.33.44.2
Comment 10 Marcus Meissner 2016-02-10 07:24:56 UTC
released
Comment 11 Swamp Workflow Management 2016-08-15 14:10:24 UTC
SUSE-SU-2016:2074-1: An update that solves 48 vulnerabilities and has 13 fixes is now available.

Category: security (important)
Bug References: 816446,861093,928130,935757,939826,942367,945825,946117,946309,948562,949744,949936,951440,952384,953527,954404,955354,955654,956708,956709,958463,958886,958951,959190,959399,961500,961509,961512,963765,963767,964201,966437,966460,966662,966693,967972,967973,967974,967975,968010,968011,968012,968013,968670,970504,970892,970909,970911,970948,970956,970958,970970,971124,971125,971126,971360,972510,973570,975945,977847,978822
CVE References: CVE-2013-2015,CVE-2013-7446,CVE-2015-0272,CVE-2015-3339,CVE-2015-5307,CVE-2015-6252,CVE-2015-6937,CVE-2015-7509,CVE-2015-7515,CVE-2015-7550,CVE-2015-7566,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8539,CVE-2015-8543,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2016-0723,CVE-2016-2069,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-4486
Sources used:
SUSE Linux Enterprise Server 11-SP2-LTSS (src):    kernel-default-3.0.101-0.7.40.1, kernel-ec2-3.0.101-0.7.40.1, kernel-pae-3.0.101-0.7.40.1, kernel-source-3.0.101-0.7.40.1, kernel-syms-3.0.101-0.7.40.1, kernel-trace-3.0.101-0.7.40.1, kernel-xen-3.0.101-0.7.40.1
SUSE Linux Enterprise Debuginfo 11-SP2 (src):    kernel-default-3.0.101-0.7.40.1, kernel-ec2-3.0.101-0.7.40.1, kernel-pae-3.0.101-0.7.40.1, kernel-trace-3.0.101-0.7.40.1, kernel-xen-3.0.101-0.7.40.1
Comment 12 Swamp Workflow Management 2016-10-26 16:10:15 UTC
openSUSE-SU-2016:2649-1: An update that solves 49 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 1004418,758540,816446,861093,917648,928130,935757,939826,942367,944296,945825,946117,946309,948562,949744,949936,951440,952384,953527,954404,955354,955654,956708,956709,958463,958886,958951,959190,959399,961500,961509,961512,963765,963767,964201,966437,966460,966662,966693,967972,967973,967974,967975,968010,968011,968012,968013,968670,969356,970504,970892,970909,970911,970948,970956,970958,970970,971124,971125,971126,971360,972510,973570,975945,977847,978822
CVE References: CVE-2013-7446,CVE-2015-0272,CVE-2015-1339,CVE-2015-3339,CVE-2015-5307,CVE-2015-6252,CVE-2015-6937,CVE-2015-7509,CVE-2015-7515,CVE-2015-7550,CVE-2015-7566,CVE-2015-7799,CVE-2015-7872,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8539,CVE-2015-8543,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2015-8785,CVE-2015-8812,CVE-2015-8816,CVE-2016-0723,CVE-2016-2069,CVE-2016-2143,CVE-2016-2184,CVE-2016-2185,CVE-2016-2186,CVE-2016-2188,CVE-2016-2384,CVE-2016-2543,CVE-2016-2544,CVE-2016-2545,CVE-2016-2546,CVE-2016-2547,CVE-2016-2548,CVE-2016-2549,CVE-2016-2782,CVE-2016-2847,CVE-2016-3134,CVE-2016-3137,CVE-2016-3138,CVE-2016-3139,CVE-2016-3140,CVE-2016-3156,CVE-2016-4486,CVE-2016-5195
Sources used:
openSUSE Evergreen 11.4 (src):    kernel-debug-3.0.101-105.1, kernel-default-3.0.101-105.1, kernel-desktop-3.0.101-105.1, kernel-docs-3.0.101-105.2, kernel-ec2-3.0.101-105.1, kernel-pae-3.0.101-105.1, kernel-source-3.0.101-105.1, kernel-syms-3.0.101-105.1, kernel-trace-3.0.101-105.1, kernel-vanilla-3.0.101-105.1, kernel-vmi-3.0.101-105.1, kernel-xen-3.0.101-105.1, preload-1.2-6.83.1