Bugzilla – Bug 981058
VUL-0: CVE-2016-4951: kernel: Null pointer dereference in tipc_nl_publ_dump
Last modified: 2018-07-03 21:20:54 UTC
CVE-2016-4951

http://lists.openwall.net/netdev/2016/05/14/28
https://github.com/torvalds/linux/commit/45e093ae2830cd1264677d47ff9a95a71f5d9f9c

Without checking the pointer to the netlink socket attribute, it could cause a null pointer dereference when parsing the nested attributes in function tipc_nl_publ_dump. It allows local users to cause a denial of service. This vulnerability affects Linux kernel versions from 3.19 to 4.6.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4951
http://seclists.org/oss-sec/2016/q2/386
bugbot adjusting priority
The code was introduced by commit 1a1a143daf84 ("tipc: add publication dump to new netlink api") in v3.19-rc1 (hasn't been backported to any older branch).

Fixed by commit 45e093ae2830 ("tipc: check nl sock before parsing nested attributes"), which is in master but not covered by a tag yet (going to be in v4.7-rc1).
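A userspace model of the bug class this report describes and of the check named in the fix's title, as an added example (not the kernel's code). The attribute layout, the type numbers and the names `parse` and `dump_ref` are simplified assumptions, and the sample requests are constructed.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>

/* Simplified attribute header (assumption): total length incl. header, then type. */
struct attr { uint16_t len, type; };
#define HDR sizeof(struct attr)
#define ALIGN4(n) (((n) + 3u) & ~3u)
/* Hypothetical type numbers: A_* at top level, S_* nested inside A_SOCK. */
enum { A_SOCK = 1, A_MAX = A_SOCK, S_REF = 1, S_MAX = S_REF };

static struct attr hdr(const uint8_t *p) { struct attr a; memcpy(&a, p, HDR); return a; }

/* Record a pointer to each known attribute in tb[]; absent types stay NULL. */
static int parse(const uint8_t *p, size_t n, const uint8_t **tb, int max)
{
    memset(tb, 0, sizeof(*tb) * (size_t)(max + 1));
    while (n >= HDR) {
        struct attr a = hdr(p);
        if (a.len < HDR || a.len > n) return -EINVAL;
        if (a.type <= max) tb[a.type] = p;
        size_t step = ALIGN4(a.len) > n ? n : ALIGN4(a.len);
        p += step;
        n -= step;
    }
    return 0;
}

/* Handler with the check: a request lacking A_SOCK is rejected, not parsed. */
int dump_ref(const uint8_t *msg, size_t n, uint16_t *ref)
{
    const uint8_t *tb[A_MAX + 1], *sock[S_MAX + 1];
    int err = parse(msg, n, tb, A_MAX);
    if (err) return err;
    if (!tb[A_SOCK])   /* without this, the nested parse below reads through NULL */
        return -EINVAL;
    err = parse(tb[A_SOCK] + HDR, hdr(tb[A_SOCK]).len - HDR, sock, S_MAX);
    if (err) return err;
    if (!sock[S_REF] || hdr(sock[S_REF]).len < HDR + sizeof(*ref))
        return -EINVAL;
    memcpy(ref, sock[S_REF] + HDR, sizeof(*ref));
    return 0;
}

/* Constructed sample requests: A_SOCK{S_REF=42}, and one that omits A_SOCK. */
const uint16_t MSG_WITH_SOCK[] = { 12, A_SOCK, 6, S_REF, 42, 0 };
const uint16_t MSG_NO_SOCK[] = { 4, 2 };

int main(void) { uint16_t r; return dump_ref((const uint8_t *)MSG_NO_SOCK, sizeof MSG_NO_SOCK, &r) != -EINVAL; }
```

The point of the model is that a table-filling parser leaves absent attributes as NULL, so every handler that passes a table entry to a nested parse has to test that entry first.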
Submitted the fix to

  stable
  SLE12-SP2
  openSUSE-42.1

Only SLE12-SP2 was really needed as TIPC is disabled in openSUSE configs but I guess it's better to add the fix anyway.

Closing and reassigning to the security team.
openSUSE-SU-2016:1641-1: An update that solves 19 vulnerabilities and has 17 fixes is now available.

Category: security (important)
Bug References: 945345,955654,963762,966245,966849,970506,971126,971799,973570,974308,975945,977198,978073,978401,978821,978822,979018,979213,979278,979548,979728,979867,979879,979913,980348,980371,980657,981058,981267,981344,982238,982239,982712,983143,983213,984460
CVE References: CVE-2013-7446,CVE-2016-0758,CVE-2016-1583,CVE-2016-2053,CVE-2016-3134,CVE-2016-3672,CVE-2016-3955,CVE-2016-4482,CVE-2016-4485,CVE-2016-4486,CVE-2016-4557,CVE-2016-4565,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4581,CVE-2016-4805,CVE-2016-4951,CVE-2016-5244
Sources used:
openSUSE Leap 42.1 (src): kernel-debug-4.1.26-21.1, kernel-default-4.1.26-21.1, kernel-docs-4.1.26-21.2, kernel-ec2-4.1.26-21.1, kernel-obs-build-4.1.26-21.1, kernel-obs-qa-4.1.26-21.1, kernel-obs-qa-xen-4.1.26-21.1, kernel-pae-4.1.26-21.1, kernel-pv-4.1.26-21.1, kernel-source-4.1.26-21.1, kernel-syms-4.1.26-21.1, kernel-vanilla-4.1.26-21.1, kernel-xen-4.1.26-21.1
openSUSE-SU-2016:2290-1: An update that solves 17 vulnerabilities and has 9 fixes is now available.

Category: security (important)
Bug References: 963931,970948,971126,971360,974266,978821,978822,979018,979213,979879,980371,981058,981267,986362,986365,986570,987886,989084,989152,989176,990058,991110,991608,991665,994296,994520
CVE References: CVE-2015-8787,CVE-2016-1237,CVE-2016-2847,CVE-2016-3134,CVE-2016-3156,CVE-2016-4485,CVE-2016-4486,CVE-2016-4557,CVE-2016-4569,CVE-2016-4578,CVE-2016-4580,CVE-2016-4805,CVE-2016-4951,CVE-2016-4998,CVE-2016-5696,CVE-2016-6480,CVE-2016-6828
Sources used:
openSUSE Leap 42.1 (src): drbd-8.4.6-8.1, hdjmod-1.28-24.1, ipset-6.25.1-5.1, kernel-debug-4.1.31-30.2, kernel-default-4.1.31-30.2, kernel-docs-4.1.31-30.3, kernel-ec2-4.1.31-30.2, kernel-obs-build-4.1.31-30.3, kernel-obs-qa-4.1.31-30.1, kernel-obs-qa-xen-4.1.31-30.1, kernel-pae-4.1.31-30.2, kernel-pv-4.1.31-30.2, kernel-source-4.1.31-30.1, kernel-syms-4.1.31-30.1, kernel-vanilla-4.1.31-30.2, kernel-xen-4.1.31-30.2, lttng-modules-2.7.0-2.1, pcfclock-0.44-266.1, vhba-kmp-20140928-5.1