Bugzilla – Bug 919018
VUL-0: CVE-2015-2042: kernel: Incorrect data type in rds_sysctl_rds_table
Last modified: 2016-02-08 14:54:27 UTC
CVE-2015-2042 Max unacked packets/bytes is an int while sizeof(long) was used in the sysctl table. This means that when they were getting read we'd also leak kernel memory to userspace along with the timeout values. Fix: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=db27ebb111e9f69efece08e4cb6a34ff980f8896 References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2042 http://seclists.org/oss-sec/2015/q1/624
bugbot adjusting priority
Seem to be introduced by 3e5048495c85 (RDS: sysctls) around 2.6.30. Pushed to SLE11-SP1-TD
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-04-01. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61308
I wonder why nobody noticed (for more than 5 years) that those procfs files show two values rather than one. Personally, I would be more worried about writes than about reads: unicorn:~ # cat /proc/sys/net/rds/max_unacked_bytes 16777216 8 unicorn:~ # cat /proc/sys/net/rds/max_unacked_packets 8 0 unicorn:~ # echo '1111 2222' >/proc/sys/net/rds/max_unacked_bytes unicorn:~ # cat /proc/sys/net/rds/max_unacked_bytes 1111 2222 unicorn:~ # cat /proc/sys/net/rds/max_unacked_packets 2222 0
A simple testcase: BAD: 11sp1:~ # cat /proc/sys/net/rds/max_unacked_* /proc/sys/net/rds/ping_enable 16777216 1 8 16777216 1 11sp1:~ # echo '1111 2222' >/proc/sys/net/rds/max_unacked_packets 11sp1:~ # cat /proc/sys/net/rds/max_unacked_* /proc/sys/net/rds/ping_enable 2222 1 1111 2222 1 11sp1:~ # echo '3333 4444' >/proc/sys/net/rds/max_unacked_bytes 11sp1:~ # cat /proc/sys/net/rds/max_unacked_* /proc/sys/net/rds/ping_enable 3333 4444 1111 3333 4444 GOOD: 11sp1:~ # cat /proc/sys/net/rds/max_unacked_* /proc/sys/net/rds/ping_enable 16777216 8 1 11sp1:~ # echo '1111 2222' >/proc/sys/net/rds/max_unacked_packets 11sp1:~ # cat /proc/sys/net/rds/max_unacked_* /proc/sys/net/rds/ping_enable 16777216 2222 1 11sp1:~ # echo '3333 4444' >/proc/sys/net/rds/max_unacked_bytes 11sp1:~ # cat /proc/sys/net/rds/max_unacked_* /proc/sys/net/rds/ping_enable 4444 2222 1 Fix pushed into cve/linux-3.12 cve/linux-3.0 cve/linux-2.6.32 SLE11-SP1-LTSS case is a bit more complicated as rds.ko is only in kernel-$flavor-extra and ofed-kmp-$flavor there. I'm going to push the fix into openSUSE-13.1 and openSUSE-13.2 now.
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-05-19. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61701
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-06-12. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61844
An update workflow for this issue was started. This issue was rated as important. Please submit fixed packages until 2015-06-15. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/61904
SUSE-SU-2015:1071-1: An update that solves 13 vulnerabilities and has 31 fixes is now available. Category: security (important) Bug References: 899192,900881,909312,913232,914742,915540,916225,917125,919007,919018,920262,921769,922583,922734,922944,924664,924803,924809,925567,926156,926240,926314,927084,927115,927116,927257,927285,927308,927455,928122,928130,928135,928141,928708,929092,929145,929525,929883,930224,930226,930669,930786,931014,931130 CVE References: CVE-2014-3647,CVE-2014-8086,CVE-2014-8159,CVE-2015-1465,CVE-2015-2041,CVE-2015-2042,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3332,CVE-2015-3339,CVE-2015-3636 Sources used: SUSE Linux Enterprise Software Development Kit 12 (src): kernel-docs-3.12.43-52.6.2, kernel-obs-build-3.12.43-52.6.2 SUSE Linux Enterprise Server 12 (src): kernel-source-3.12.43-52.6.1, kernel-syms-3.12.43-52.6.1 SUSE Linux Enterprise Live Patching 12 (src): kgraft-patch-SLE12_Update_5-1-2.3 SUSE Linux Enterprise Desktop 12 (src): kernel-source-3.12.43-52.6.1, kernel-syms-3.12.43-52.6.1
Out of sight, out of mind... I completely forgot about this. As the fix is in all relevant branches SLE12-SP1 SLE12 SLE11-SP4 SLE11-SP3 SLE11-SP3-TD SLE11-SP2-LTSS SLE11-SP1-LTSS SLE11-SP1-TD openSUSE-13.1 openSUSE-13.2 for some time, closing.
SUSE-SU-2015:1174-1: An update that solves 15 vulnerabilities and has 71 fixes is now available. Category: security (moderate) Bug References: 831029,877456,889221,891212,891641,900881,902286,904242,904883,904901,906027,908706,909309,909312,909477,909684,910517,911326,912202,912741,913080,913598,914726,914742,914818,914987,915045,915200,915577,916521,916848,917093,917120,917648,917684,917830,917839,918333,919007,919018,919357,919463,919589,919682,919808,921769,922583,923344,924142,924271,924333,924340,925012,925370,925443,925567,925729,926016,926240,926439,926767,927190,927257,927262,927338,928122,928130,928142,928333,928970,929145,929148,929283,929525,929647,930145,930171,930226,930284,930401,930669,930786,930788,931014,931015,931850 CVE References: CVE-2014-8086,CVE-2014-8159,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2015-0777,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3339,CVE-2015-3636 Sources used: SUSE Linux Enterprise Server 11 SP3 for VMware (src): kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1 SUSE Linux Enterprise Server 11 SP3 (src): kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-ec2-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-ppc64-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1, xen-4.2.5_08-0.7.1 SUSE Linux Enterprise High Availability Extension 11 SP3 (src): cluster-network-1.4-2.28.1.21, gfs2-2-0.17.1.21, ocfs2-1.6-0.21.1.21 SUSE Linux Enterprise Desktop 11 SP3 (src): kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-source-3.0.101-0.47.55.1, kernel-syms-3.0.101-0.47.55.1, kernel-trace-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1, xen-4.2.5_08-0.7.1 SLE 11 SERVER Unsupported Extras (src): kernel-bigsmp-3.0.101-0.47.55.1, kernel-default-3.0.101-0.47.55.1, kernel-pae-3.0.101-0.47.55.1, kernel-ppc64-3.0.101-0.47.55.1, kernel-xen-3.0.101-0.47.55.1
SUSE-SU-2015:1376-1: An update that solves 15 vulnerabilities and has 71 fixes is now available. Category: security (important) Bug References: 831029,877456,889221,891212,891641,900881,902286,904242,904883,904901,906027,908706,909309,909312,909477,909684,910517,911326,912202,912741,913080,913598,914726,914742,914818,914987,915045,915200,915577,916521,916848,917093,917120,917648,917684,917830,917839,918333,919007,919018,919357,919463,919589,919682,919808,921769,922583,923344,924142,924271,924333,924340,925012,925370,925443,925567,925729,926016,926240,926439,926767,927190,927257,927262,927338,928122,928130,928142,928333,928970,929145,929148,929283,929525,929647,930145,930171,930226,930284,930401,930669,930786,930788,931014,931015,931850 CVE References: CVE-2014-8086,CVE-2014-8159,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2015-0777,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3339,CVE-2015-3636 Sources used: SUSE Linux Enterprise Real Time Extension 11 SP3 (src): cluster-network-1.4-2.28.1.22, drbd-kmp-8.4.4-0.23.1.22, iscsitarget-1.4.20-0.39.1.22, kernel-rt-3.0.101.rt130-0.33.38.1, kernel-rt_trace-3.0.101.rt130-0.33.38.1, kernel-source-rt-3.0.101.rt130-0.33.38.1, kernel-syms-rt-3.0.101.rt130-0.33.38.1, lttng-modules-2.1.1-0.12.1.20, ocfs2-1.6-0.21.1.22, ofed-1.5.4.1-0.14.1.22
SUSE-SU-2015:1478-1: An update that solves 18 vulnerabilities and has 25 fixes is now available. Category: security (important) Bug References: 798406,821931,860593,879878,891087,897995,898693,900881,904671,908870,909477,912916,914742,915200,915517,915577,916010,917093,917830,918333,919007,919018,919463,921769,922583,923245,926240,927257,928801,929148,929283,929360,929525,930284,930934,931474,933429,935705,936831,937032,937986,940338,940398 CVE References: CVE-2014-8086,CVE-2014-8159,CVE-2014-9683,CVE-2015-0777,CVE-2015-1420,CVE-2015-1421,CVE-2015-1805,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2830,CVE-2015-2922,CVE-2015-3331,CVE-2015-3636,CVE-2015-4700,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707 Sources used: SUSE Linux Enterprise Server 11-SP2-LTSS (src): kernel-default-3.0.101-0.7.37.1, kernel-ec2-3.0.101-0.7.37.1, kernel-pae-3.0.101-0.7.37.1, kernel-source-3.0.101-0.7.37.1, kernel-syms-3.0.101-0.7.37.1, kernel-trace-3.0.101-0.7.37.1, kernel-xen-3.0.101-0.7.37.1 SUSE Linux Enterprise Debuginfo 11-SP2 (src): kernel-default-3.0.101-0.7.37.1, kernel-ec2-3.0.101-0.7.37.1, kernel-pae-3.0.101-0.7.37.1, kernel-trace-3.0.101-0.7.37.1, kernel-xen-3.0.101-0.7.37.1
openSUSE-SU-2016:0301-1: An update that solves 57 vulnerabilities and has 21 fixes is now available. Category: security (important) Bug References: 814440,851610,869564,873385,906545,907818,909077,909477,911326,912202,915517,915577,917830,918333,919007,919018,919463,919596,921313,921949,922583,922936,922944,926238,926240,927780,927786,928130,929525,930399,931988,932348,933896,933904,933907,933934,935542,935705,936502,936831,937032,937033,937969,938706,940338,944296,945825,947155,949936,950998,951194,951440,951627,952384,952579,952976,953052,953527,954138,954404,955224,955354,955422,956708,956934,957988,957990,958504,958510,958886,958951,959190,959399,959568,960839,961509,961739,962075 CVE References: CVE-2014-2568,CVE-2014-8133,CVE-2014-8989,CVE-2014-9090,CVE-2014-9419,CVE-2014-9529,CVE-2014-9683,CVE-2014-9715,CVE-2014-9728,CVE-2014-9729,CVE-2014-9730,CVE-2014-9731,CVE-2015-0272,CVE-2015-0777,CVE-2015-1420,CVE-2015-1421,CVE-2015-2041,CVE-2015-2042,CVE-2015-2150,CVE-2015-2666,CVE-2015-2830,CVE-2015-2922,CVE-2015-2925,CVE-2015-3212,CVE-2015-3339,CVE-2015-3636,CVE-2015-4001,CVE-2015-4002,CVE-2015-4003,CVE-2015-4004,CVE-2015-4036,CVE-2015-4167,CVE-2015-4692,CVE-2015-4700,CVE-2015-5157,CVE-2015-5283,CVE-2015-5307,CVE-2015-5364,CVE-2015-5366,CVE-2015-5707,CVE-2015-6937,CVE-2015-7550,CVE-2015-7799,CVE-2015-7833,CVE-2015-7872,CVE-2015-7885,CVE-2015-7990,CVE-2015-8104,CVE-2015-8215,CVE-2015-8543,CVE-2015-8550,CVE-2015-8551,CVE-2015-8552,CVE-2015-8569,CVE-2015-8575,CVE-2015-8767,CVE-2016-0728 Sources used: openSUSE 13.1 (src): cloop-2.639-11.22.2, crash-7.0.2-2.22.2, hdjmod-1.28-16.22.2, ipset-6.21.1-2.26.2, iscsitarget-1.4.20.3-13.22.2, kernel-debug-3.11.10-32.1, kernel-default-3.11.10-32.1, kernel-desktop-3.11.10-32.1, kernel-docs-3.11.10-32.3, kernel-ec2-3.11.10-32.1, kernel-pae-3.11.10-32.1, kernel-source-3.11.10-32.1, kernel-syms-3.11.10-32.1, kernel-trace-3.11.10-32.1, kernel-vanilla-3.11.10-32.1, kernel-xen-3.11.10-32.1, ndiswrapper-1.58-22.1, pcfclock-0.44-258.22.1, vhba-kmp-20130607-2.23.1, virtualbox-4.2.36-2.55.1, xen-4.3.4_10-56.1, xtables-addons-2.3-2.22.1