Bug 933970 - (CVE-2015-4177) VUL-0: CVE-2015-4177: kernel-source: [ns: user namespaces panic -- lack of state identification]
Status: RESOLVED DUPLICATE of bug 933969
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/117333/
Reported: 2015-06-08 17:20 UTC by Marcus Meissner
Modified: 2015-06-12 10:57 UTC
Found By: Security Response Team
Description Marcus Meissner 2015-06-08 17:20:17 UTC
CVE-2015-4177

Use CVE-2015-4177 for the issue fixed in
cd4a40174b71acd021877341684d8bb1dc8ea4ae. This code change is not
present in 4.0.2.

original post:
   Hello,

Linux kernel built with the user namespaces support (CONFIG_USER_NS) is vulnerable to a NULL pointer dereference flaw. It could occur when users in user namespaces unmount mounts.


An unprivileged user could use this flaw to crash the system resulting in DoS.

Upstream fixes:
---------------
  -> https://git.kernel.org/linus/820f9f147dcce2602eefd9b575bbbd9ea14f0953
  -> https://git.kernel.org/linus/cd4a40174b71acd021877341684d8bb1dc8ea4ae

It was introduced by:
---------------------
  -> https://git.kernel.org/linus/ce07d891a0891d3c0d0c2d73d577490486b809e1

Thank you Drew Fisher for reporting this issue to Fedora Security Team.


References:
http://seclists.org/oss-sec/2015/q2/640
Comment 1 Swamp Workflow Management 2015-06-08 22:02:12 UTC
bugbot adjusting priority
Comment 2 Michal Hocko 2015-06-09 08:13:51 UTC
Duplicate of bug 933970 I guess.
Comment 3 Borislav Petkov 2015-06-12 10:57:43 UTC
Yeah, bouncing back.

*** This bug has been marked as a duplicate of bug 933969 ***